On Sun, 26 Nov 2000, Michel Kaempf wrote:
> A few days ago, zorgon <zorgon_at_linuxstart.com> discovered a problem in
> Secure Locate v2.1. When decoding an invalid database specified by a
> local user (thanks to the -d command line option), slocate dies with a
> segmentation violation:

I discovered "slocate user-supplied database file parsing problems"
some time ago and posted a nice bug report to BUGTRAQ:
http://www.securityfocus.com/archive/1/66045
(...snip...)
- slocate - custom input file can be specified using LOCATE_PATH;
  due to almost no input validation, it's possible to supply many
  different input patterns, some of which will cause potentially
  exploitable SEGVs; please review this code. Ah, forgotten, gid
  slocate can be used to access the slocate database in unrestricted
  mode (every file in the filesystem indexed, including e.g. /root,
  web scripts etc),
(...snip...)
I am impressed it hasn't been fixed yet. Amazing.
--
_______________________________________________________
Michal Zalewski [lcamtuf_at_tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
Received on Nov 29 2000