Mandrake Linux Security Advisory : slocate (MDKSA-2004:004)
Medium Nessus Plugin ID 14104
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database.
SolutionUpdate the affected slocate package.