Buffer Overrun in slocate

vendor:

slocate

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overrun

120

CWE

Product Name: slocate

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

A vulnerability has been discovered in slocate. It has been reported that a buffer overrun occurs when running the slocate program with command line arguments of excessive length. Specifically, it is possible to overrun a buffer in slocate by supplying excessive data as the regex ('-r') and parse /etc/updatedb.conf ('-c') command line options. By exploiting this issue to overwrite an instruction pointer an attacker may gain the ability to execute arbitrary instructions. As slocate is typically installed setgid, all commands executed by the attacker will be run with the elevated group privileges.

Mitigation:

Upgrade to the latest version of slocate

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6676/info

A vulnerability has been discovered in slocate. It has been reported that a buffer overrun occurs when running the slocate program with command line arguments of excessive length. Specifically, it is possible to overrun a buffer in slocate by supplying excessive data as the regex ('-r') and parse /etc/updatedb.conf ('-c') command line options. 

By exploiting this issue to overwrite an instruction pointer an attacker may gain the ability to execute arbitrary instructions. As slocate is typically installed setgid, all commands executed by the attacker will be run with the elevated group privileges.

*** Conflicting details have been released which provide information reporting that the issue described is not a buffer overflow. Furthermore, the programming error that occurs may not be a security issue and thus not exploitable.

/usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`