[28625] in bugtraq
Re: [USG- SA- 2003.001] USG Security Advisory (slocate)
daemon@ATHENA.MIT.EDU (Kevin Lindsay)
Sat Jan 25 04:53:05 2003
Date: Fri, 24 Jan 2003 21:42:39 -0800
From: Kevin Lindsay <klindsay@mkintraweb.com>
To: inkubus@hushmail.com
Message-ID: <20030125054238.GC84393@mkintraweb.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24"
Content-Disposition: inline
In-Reply-To: <200301241527.h0OFRUUW001036@mailserver1.hushmail.com>
--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
All fixed, I don't have a specific patch, other changes were incorporated
into this version (2.7).
ftp://ftp.geekreview.com/slocate/src/slocate-2.7.tar.gz
Let me know if anything funky happens.
Kevin-
On Fri, Jan 24, 2003 at 07:27:27AM -0800, inkubus@hushmail.com wrote:
>=20
> -----BEGIN PGP SIGNED MESSAGE-----
>=20
> __________________________________________________
>=20
> USG Security Advisory
> http://www.usg.org.uk/advisories/2003.001.txt
> inkubus@hushmail.com
> USG- SA- 2003.001 24- Jan- 2003
> __________________________________________________
>=20
> Package: slocate
> Vulnerability: local buffer overflow
> Type: local
> Risk: high, users can gain high privileges in the system.
> System tested: RedHat Linux 7.3 (Valhalla) with slocate-2.6-1 from RPM
> Credits: Knight420, Team TESO, Michal Zalewski, Aleph1, dvdman
>=20
---------------------------------------------------
Kevin Lindsay
Debian Developer
Fingerprint: 81E 58A3 B49A 580E EE3D 8CF0 519A 55F0 746C 51F4
Key Id: 746C51F4
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+MiPIUZpV8HRsUfQRAnP2AJ4wpVR1qZOE5beEfKi0BU40zbo9RACfVDkc
+LbvVWomlpWyexUCPsNXslg=
=B9No
-----END PGP SIGNATURE-----
--u3/rZRmxL6MmkK24--
