Launchpad.net

CVE 2003-0848

Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.

Related bugs and status

CVE-2003-0848 (Candidate) is related to these bugs:

Bug #7373: CAN-2003-0848: heap overflow in slocate

Summary				In	Importance	Status
	7373	CAN-2003-0848: heap overflow in slocate		slocate (Ubuntu)	High	Invalid
	7373	CAN-2003-0848: heap overflow in slocate		slocate (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ebitech.sk/...
MISC: http://www.ebitech.sk/...
TRUSTIX: 2004-0005
DEBIAN: DSA-428
REDHAT: RHSA-2004:041
SGI: 20040201-01-U
SCO: CSSA-2004-001.0
MANDRAKE: MDKSA-2004:004
SGI: 20040202-01-U
FEDORA: FEDORA-2004-059
REDHAT: RHSA-2004:040
SECUNIA: 10670
SECUNIA: 10683
SECUNIA: 10686
SECUNIA: 10698
SECUNIA: 10702
SECUNIA: 10720
SECUNIA: 10722
SECUNIA: 9962
BUGTRAQ: 20031006 SA-20031006 s...
BUGTRAQ: 20031011 SA-20031006 s...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...