Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55375
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2005-91 (slocate)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to slocate
announced via advisory TLSA-2005-91.

Secure locate provides a secure way to index and quickly search
for files on your system. It uses incremental encoding just like
GNU locate to compress its database to make searching faster, but
it will also check file permissions and ownership so that
users will not see files they do not have access to.

The slocate before does not properly process very long paths.

The slocate allows local users to cause a denial of service
(updatedb exit and incomplete slocate database) via a certain
crafted directory structure.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-91

Risk factor : Medium

CVSS Score:
2.1

Cross-Ref: BugTraq ID: 14640
Common Vulnerability Exposure (CVE) ID: CVE-2005-2499
http://www.securityfocus.com/bid/14640
http://www.osvdb.org/19034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9538
http://www.redhat.com/support/errata/RHSA-2005-345.html
http://www.redhat.com/support/errata/RHSA-2005-346.html
http://www.redhat.com/support/errata/RHSA-2005-747.html
http://securitytracker.com/id?1014751
XForce ISS Database: slocate-directory-structure-dos(22316)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22316
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.