[MBT] new entry in pkg slocate "Local privilege escalation"
bugs at pld-linux.org
Fri Feb 20 16:58:54 CET 2004
Date: 2004-02-20 16:58:52+01 Author: Jakub Bogusz (qboosh) <qboosh at pld-linux.org>
Title: Local privilege escalation
Ticket ID: #831
Ticket URL: http://bugs.pld-linux.org/?bug=831
Package: slocate-1:2.7-1
Distribution:
Category: security problem
Current state: resolving state
Text:
(It's CAN-2003-0848.)
It seems that this vulnerability itself has been fixed in
the slocate 2.7 sources (the lines mentioned in the advisory
already contain a check for a negative pathlen).
However, I decided to merge a patch which drops the
slocate gid before processing user-specified databases
(which do not require any special privileges), to avoid
exploitation of similar vulnerabilities in case any are
discovered in the future.
*** State changed to 'resolving state'
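
The mitigation described in the ticket, giving up the setgid group before a user-specified database is read, sketched as an added C example; it is not the merged PLD patch or slocate's own code. The function names drop_group_privilege and open_user_db are hypothetical, and the saved-gid behaviour noted in the comments is that of Linux.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up a setgid-acquired group. Returns 0 on success,
 * -1 if the drop failed or turned out to be reversible. */
int drop_group_privilege(void)
{
    gid_t real = getgid();
    gid_t old_eff = getegid();

    /* setregid() with the real gid set also resets the saved gid on
     * Linux; setegid() alone would leave it and the drop reversible. */
    if (setregid(real, real) != 0)
        return -1;
    if (getgid() != real || getegid() != real)
        return -1;

    /* A non-root process must no longer be able to regain the group.
     * (root keeps CAP_SETGID, so the probe is meaningless there.) */
    if (geteuid() != 0 && old_eff != real && setegid(old_eff) == 0)
        return -1;
    return 0;
}

/* Hypothetical helper: open a database named by the user only after
 * the privileged group is gone, so a parser bug gains nothing. */
FILE *open_user_db(const char *path)
{
    if (drop_group_privilege() != 0)
        return NULL;            /* fail closed: never parse while privileged */
    return fopen(path, "rb");
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <user-db>\n", argv[0]);
        return 2;
    }
    FILE *db = open_user_db(argv[1]);
    if (!db) {
        perror("open_user_db");
        return 1;
    }
    printf("opened %s with egid %ld\n", argv[1], (long)getegid());
    fclose(db);
    return 0;
}
```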