Test ID:	1.3.6.1.4.1.25623.1.0.50294
Category:	Fedora Local Security Checks
Title:	Fedora Core 1 FEDORA-2004-059 (slocate)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to slocate announced via advisory FEDORA-2004-059. Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. Update Information: Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain 'slocate' group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0848 to this issue. Users of Slocate should upgrade to these packages which contain a patch from Kevin Lindsay which causes slocate to drop privileges before reading a user-supplied database. * Wed Jan 21 2004 Mark Cox - drop privs for non slocate gid databases (CVE-2003-0848) - update to 2.7 Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-059.shtml Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0848 Bugtraq: 20031006 SA-20031006 slocate vulnerability (Google Search) http://marc.info/?l=bugtraq&m=106546447321274&w=2 Bugtraq: 20031011 SA-20031006 slocate buffer overflow - exploitation proof (Google Search) http://marc.info/?l=bugtraq&m=106589631819348&w=2 Debian Security Information: DSA-428 (Google Search) http://www.debian.org/security/2004/dsa-428 http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:004 http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt http://www.ebitech.sk/patrik/SA/SA-20031006.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821 RedHat Security Advisories: RHSA-2004:040 http://rhn.redhat.com/errata/RHSA-2004-040.html http://www.redhat.com/support/errata/RHSA-2004-041.html SCO Security Bulletin: CSSA-2004-001.0 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt http://secunia.com/advisories/10670 http://secunia.com/advisories/10683 http://secunia.com/advisories/10686 http://secunia.com/advisories/10698 http://secunia.com/advisories/10702 http://secunia.com/advisories/10720 http://secunia.com/advisories/10722 http://secunia.com/advisories/9962/ SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.