slocate Bug in Processing Long Paths Lets Local Users Deny Service
SecurityTracker Alert ID: 1014751
SecurityTracker URL: http://securitytracker.com/id/1014751
CVE Reference: CVE-2005-2499
Updated: Jun 8 2008
Original Entry Date: Aug 22 2005
Impact: Denial of service via local system
Version(s): 2.7
Description:
A vulnerability was reported in slocate. A local user can cause denial of service conditions.
A local user can create a specially crafted directory structure with very long paths to prevent updatedb from fully scanning the system. As a result, the slocate database will be incomplete.
Miloslav Trmac reported this vulnerability.
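For triage on a host that has not yet received a vendor fix, the following added example (not part of the original advisory or of slocate) lists directories whose full path length reaches a threshold, together with the owning UID. The 4096-byte default (Linux PATH_MAX) is an assumption, since the advisory does not state the length that triggers the bug; `find_long_paths` and `demo` are hypothetical names.

```python
import os
import tempfile

PATH_MAX = 4096  # Linux limit; assumed threshold, the advisory gives no number


def find_long_paths(root, limit=PATH_MAX):
    """Return (byte_length, owner_uid, path) for every directory under `root`
    whose full path is at least `limit` bytes long, longest first.

    os.fwalk() opens each directory relative to its parent's descriptor, so
    the audit itself keeps working below paths longer than PATH_MAX.
    """
    hits = []
    for dirpath, dirnames, _files, dirfd in os.fwalk(root, follow_symlinks=False):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            length = len(os.fsencode(full))
            if length >= limit:
                # stat relative to the open directory, never via the long path
                st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
                hits.append((length, st.st_uid, full))
    return sorted(hits, reverse=True)


def demo(extra):
    """Run the audit on a constructed sample tree.

    A small limit (length of the temp root plus `extra` bytes) stands in for
    PATH_MAX so the sample stays tiny. Returns paths relative to the root.
    """
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "home", "user", "a" * 40, "b" * 40))
        os.makedirs(os.path.join(top, "etc"))
        limit = len(os.fsencode(top)) + extra
        return [os.path.relpath(p, top) for _n, _uid, p in find_long_paths(top, limit)]


if __name__ == "__main__":
    for rel in demo(60):
        print(rel)
```

Run `find_long_paths("/")` as root so that unreadable directories are not skipped; the reported UID shows which account owns each over-long directory.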
Impact:
A local user can cause the slocate database to be incomplete.
Solution:
No upstream solution was available at the time of this entry.
Red Hat has issued a fix for Red Hat Enterprise Linux 3, available at:
https://rhn.redhat.com/errata/RHSA-2005-345.html
Red Hat has issued a fix for Red Hat Enterprise Linux 4, available at:
https://rhn.redhat.com/errata/RHSA-2005-346.html
Vendor URL: www.geekreview.org/slocate/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any)
Source Message Contents
Date: Mon, 22 Aug 2005 10:56:04 -0400
Subject: slocate
Red Hat reported:
A bug was found in the way slocate processes very long paths. A local user
could create a carefully crafted directory structure that would prevent
updatedb from completing its file system scan, resulting in an incomplete
slocate database. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-2499 to this issue.