Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52879
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2004-6 (slocate)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to slocate
announced via advisory TLSA-2004-6.

Secure locate provides a secure way to index and quickly search for files on your system.
It uses incremental encoding just like GNU locate to compress its database
to make searching faster, but it will also check file permissions and ownership so that
users will not see files they do not have access to.
Two buffer overflow vulnerabilities were found in slocate.

A local user could exploit this vulnerability to gain slocate group privileges.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-6

Risk factor : High

CVSS Score:
7.2

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0056
Bugtraq: 20030124 [USG- SA- 2003.001] USG Security Advisory (slocate) (Google Search)
http://marc.info/?l=bugtraq&m=104342864418213&w=2
Bugtraq: 20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate) (Google Search)
http://marc.info/?l=bugtraq&m=104348607205691&w=2
Bugtraq: 20030202 GLSA: slocate (Google Search)
http://marc.info/?l=bugtraq&m=104428624705363&w=2
Caldera Security Advisory: CSSA-2003-009.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt
Conectiva Linux advisory: CLA-2003:643
http://www.net-security.org/advisory.php?id=2010
Debian Security Information: DSA-252 (Google Search)
http://www.debian.org/security/2003/dsa-252
http://www.mandriva.com/security/advisories?name=MDKSA-2003:015
http://www.usg.org.uk/advisories/2003.001.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369
http://www.redhat.com/support/errata/RHSA-2004-041.html
http://rhn.redhat.com/errata/RHSA-2004-041.html
http://secunia.com/advisories/10720
http://secunia.com/advisories/7947
http://secunia.com/advisories/7982
http://secunia.com/advisories/8007
http://secunia.com/advisories/8118/
http://secunia.com/advisories/8236
http://secunia.com/advisories/8749
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Common Vulnerability Exposure (CVE) ID: CVE-2003-0848
Bugtraq: 20031006 SA-20031006 slocate vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=106546447321274&w=2
Bugtraq: 20031011 SA-20031006 slocate buffer overflow - exploitation proof (Google Search)
http://marc.info/?l=bugtraq&m=106589631819348&w=2
Debian Security Information: DSA-428 (Google Search)
http://www.debian.org/security/2004/dsa-428
http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:004
http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt
http://www.ebitech.sk/patrik/SA/SA-20031006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821
RedHat Security Advisories: RHSA-2004:040
http://rhn.redhat.com/errata/RHSA-2004-040.html
SCO Security Bulletin: CSSA-2004-001.0
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt
http://secunia.com/advisories/10670
http://secunia.com/advisories/10683
http://secunia.com/advisories/10686
http://secunia.com/advisories/10698
http://secunia.com/advisories/10702
http://secunia.com/advisories/10722
http://secunia.com/advisories/9962/
SGI Security Advisory: 20040201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.