| Description: |
A vulnerability was discovered in slocate, a program to index and
search for files, whereby a specially crafted database could overflow
a heap-based buffer. This vulnerability could be exploited by a local
attacker to gain the privileges of the "slocate" group, which can
access the global database containing a list of pathnames of all files
on the system, including those which should only be visible to
privileged users. This problem, and a category of potential similar
problems, can be fixed by modifying slocate to drop privileges before
reading a user-supplied database. |
