Mandrake Linux Security Advisory : slocate (MDKSA-2000:085)
High Nessus Plugin ID 61871
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionMichael Kaempf reported a security problem in slocate (a secure version of locate, a tool to quickly locate files on a filesystem) on bugtraq which was originally discovered by zorgon. He discovered that there was a bug in the database reading code which made it overwrite an internal structure with some input. He then showed this could be exploited to trick slocate into executing arbitrary code by pointing it to a carefully crafted database.
SolutionUpdate the affected slocate package.