Fedora Core 1 : slocate-2.7-4 (2004-059)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Patrik Hornik discovered a vulnerability in Slocate versions up to and
including 2.7 where a carefully crafted database could overflow a
heap-based buffer. A local user could exploit this vulnerability to
gain 'slocate' group privileges and then read the entire slocate
database. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0848 to this issue.
Users of Slocate should upgrade to these packages which contain a
patch from Kevin Lindsay which causes slocate to drop privileges
before reading a user-supplied database.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?658f5c08

Solution :

Update the affected slocate and / or slocate-debuginfo packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 13672 (fedora_2004-059.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0848

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now