Mandrake Linux Security Advisory : slocate (MDKSA-2000:085)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Michael Kaempf reported a security problem in slocate (a secure
version of locate, a tool to quickly locate files on a filesystem) on
bugtraq which was originally discovered by zorgon. He discovered that
there was a bug in the database reading code which made it overwrite
an internal structure with some input. He then showed this could be
exploited to trick slocate into executing arbitrary code by pointing
it to a carefully crafted database.

Solution :

Update the affected slocate package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61871 ()

Bugtraq ID:

CVE ID: CVE-2001-0066

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now