Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [MSY] S(ecure)Locate heap corruption vulnerability
From: Seth Arnold <sarnold () WILLAMETTE EDU>
Date: Tue, 28 Nov 2000 13:29:10 -0800

* Michal Zalewski <lcamtuf () dione ids pl> [001128 13:14]:
I am impressed it hasn't been fixed yet. Amazing.

Quoting from: http://www.geekreview.org/slocate/

        Changes v2.2: Fixed a segfault. If the environment variable
        LOCATE_PATH had an invalid slocate.db file path, slocate could
        segfault.  Proper checking now takes place to fix this.

I think this was fixed 00/06/22 -- but I am not entirely clear on how
the dates line up with the versions mentioned. (And no, I don't know if
the fix managed to break other items..)

In the past, Kevin was very friendly and helpful when I contacted him.
Unless that has changed I think getting fixes into new versions is
pretty easy. :)

``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all
really impressed down here, I can tell you.''

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]