<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: [MSY] S(ecure)Locate heap corruption vulnerability

Re: [MSY] S(ecure)Locate heap corruption vulnerability

From: Seth Arnold <sarnold_at_WILLAMETTE.EDU>
Date: Tue, 28 Nov 2000 13:29:10 -0800

* Michal Zalewski <lcamtuf_at_dione.ids.pl> [001128 13:14]:
> I am impressed it hasn't been fixed yet. Amazing.

Quoting from: http://www.geekreview.org/slocate/

        Changes v2.2: Fixed a segfault. If the environment variable
        LOCATE_PATH had an invalid slocate.db file path, slocate could
        segfault. Proper checking now takes place to fix this.

I think this was fixed 00/06/22 -- but I am not entirely clear on how
the dates line up with the versions mentioned. (And no, I don't know if
the fix managed to break other items..)

In the past, Kevin was very friendly and helpful when I contacted him.
Unless that has changed I think getting fixes into new versions is
pretty easy. :)

--
``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all
really impressed down here, I can tell you.''

Received on Nov 30 2000

This message: [ Message body ]
Next message: Rune Kristian Viken: "Re: Submission"
Previous message: Linux Mandrake Security Team: "MDKSA-2000:075 - bash1 update"
In reply to: Michal Zalewski: "Re: [MSY] S(ecure)Locate heap corruption vulnerability"
Next in thread: Olaf Kirch: "Re: [MSY] S(ecure)Locate heap corruption vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]