Re: [USG- SA- 2003.001] USG Security Advisory (slocate)

From: Kevin Lindsay (klindsay@mkintraweb.com)
Date: 01/25/03

Next message: BrainRawt .: "ftls.org Guestbook 1.1 Script Injection"

Previous message: Michael Bacarella: "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
In reply to: inkubus@hushmail.com: "[USG- SA- 2003.001] USG Security Advisory (slocate)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 24 Jan 2003 21:42:39 -0800
From: Kevin Lindsay <klindsay@mkintraweb.com>
To: inkubus@hushmail.com

All fixed, I don't have a specific patch, other changes were incorporated
into this version (2.7).

ftp://ftp.geekreview.com/slocate/src/slocate-2.7.tar.gz

Let me know if anything funky happens.

Kevin-

On Fri, Jan 24, 2003 at 07:27:27AM -0800, inkubus@hushmail.com wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> __________________________________________________
>
> USG Security Advisory
> http://www.usg.org.uk/advisories/2003.001.txt
> inkubus@hushmail.com
> USG- SA- 2003.001 24- Jan- 2003
> __________________________________________________
>
> Package: slocate
> Vulnerability: local buffer overflow
> Type: local
> Risk: high, users can gain high privileges in the system.
> System tested: RedHat Linux 7.3 (Valhalla) with slocate-2.6-1 from RPM
> Credits: Knight420, Team TESO, Michal Zalewski, Aleph1, dvdman
>

---------------------------------------------------
Kevin Lindsay
Debian Developer
Fingerprint: 81E 58A3 B49A 580E EE3D 8CF0 519A 55F0 746C 51F4
Key Id: 746C51F4

application/pgp-signature attachment: stored

Next message: BrainRawt .: "ftls.org Guestbook 1.1 Script Injection"
Previous message: Michael Bacarella: "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
In reply to: inkubus@hushmail.com: "[USG- SA- 2003.001] USG Security Advisory (slocate)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]