Ubuntu 6.06 LTS / 6.10 : slocate vulnerability (USN-425-1)

Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

A flaw was discovered in the permission checking code of slocate. When
reporting matching files, locate would not correctly respect the
parent directory's 'read' bits. This could result in filenames being
displayed when the file owner had expected them to remain hidden from
other system users.

Solution :

Update the affected slocate package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28018 ()

Bugtraq ID:

CVE ID: CVE-2007-0227