Vulnerabilities > CVE-2001-0066 - Unspecified vulnerability in Kevin Lindsay Secure Locate

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
kevin-lindsay
nessus
exploit available
NVD
Published: 2001-02-16
Updated: 2018-05-03

Summary

Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.

Vulnerable Configurations

Part Description Count
Application
Kevin_Lindsay
6

Exploit-Db

descriptiondislocate - Local i386 exploit in v1.3. CVE-2001-0066. Local exploit for linux platform
idEDB-ID:216
last seen2016-01-31
modified2000-12-02
published2000-12-02
reporterMichel Kaempf
sourcehttps://www.exploit-db.com/download/216/
titledislocate 1.3 - Local i386 Exploit

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2000-085.NASL
descriptionMichael Kaempf reported a security problem in slocate (a secure version of locate, a tool to quickly locate files on a filesystem) on bugtraq which was originally discovered by zorgon. He discovered that there was a bug in the database reading code which made it overwrite an internal structure with some input. He then showed this could be exploited to trick slocate into executing arbitrary code by pointing it to a carefully crafted database.
last seen2020-06-01
modified2020-06-02
plugin id61871
published2012-09-06
reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/61871
titleMandrake Linux Security Advisory : slocate (MDKSA-2000:085)

Redhat

advisories
rhsa
idRHSA-2000:128

References