English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2004-6
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 17 Feb 2004
 Last revised           : 17 Feb 2004

 Package : slocate

 Summary : Buffer overlows

 More information :
    Secure locate provides a secure way to index and quickly search for files on your system.
    It uses incremental encoding just like GNU locate to compress its database
    to make searching faster, but it will also check file permissions and ownership so that
    users will not see files they do not have access to.
    Two buffer overflow vulnerabilities were found in slocate.

 Impact :
    A local user could exploit this vulnerability to gain "slocate" group privileges.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u slocate

 [other]
 # zabom update slocate
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 e126532cd95f430b75ef9b04da08e1c5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/slocate-2.7-5.i586.rpm
        30381 dc2fe594e00285a09b8de6d9247deaf3

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 fd997c9ab22802b57eca2ce171748d80

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/slocate-2.7-5.i586.rpm
        29028 f67d0d6113713d0c4fcbcf98107babee

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 5ad273932f01f0de097b0b9caf62f5cc

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/slocate-2.7-5.i586.rpm
        29055 47b5443d9d5a9059bb424706e4b3c46a

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 87470ca4e766aba933e9638acb4ba742

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/slocate-2.7-5.i586.rpm
        28904 d5bf696e27b7b68f96c67b4ee4135344

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 28c4443bb23fb9d1e2930bec6c55058e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/slocate-2.7-5.i586.rpm
        28942 6ceff35e5d808ac242c0f5b907f6b001

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 9073b8497b81eb1396e9fad38ef5add1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/slocate-2.7-5.i386.rpm
        29210 56c43ac5fbf67f5c17548cb6be90bf5b

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 02de83e6a9e6c770aaf4c68f90c8be9a

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/slocate-2.7-5.i386.rpm
        29191 0f4a52b45709c1e4cfbb9e062d44b350

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 1dc6e08db5f99b279ae38f4832946815

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/slocate-2.7-5.i386.rpm
        29215 47b69730a5f477632575f96003155668

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/slocate-2.7-5.src.rpm
        97678 399d968b83e3e0d43c9da9f722ad6584

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/slocate-2.7-5.i386.rpm
        29189 79065665a65fd348f6c6341e8f3fa705


 References :

 CVE
   [CAN-2003-0056]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
   [CAN-2003-0848]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0848


 --------------------------------------------------------------------------
 Revision History
    17 Feb 2004 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAMZc7K0LzjOqIJMwRAr/VAKCuo6nFHsRolUcCWBWrVHvnv4cqKQCeKw7c
CyXJh+BvtQw2FXce0CK+u0o=
=RW9O
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.