CVE-2005-2499 - Unspecified vulnerability in Slocate
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
slocate
nessus
Summary
slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Nessus
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2005-770.NASL
  description: A carefully prepared directory structure could stop the updatedb file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2499 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19480
  published: 2005-08-23
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19480
  title: Fedora Core 4 : slocate-2.7-22.fc4.1 (2005-770)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2005-345.NASL
  description: An updated slocate package that fixes a denial of service and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system. A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19828
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19828
  title: RHEL 3 : slocate (RHSA-2005:345)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2005-771.NASL
  description: A carefully prepared directory structure could stop the updatedb file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2499 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19481
  published: 2005-08-23
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19481
  title: Fedora Core 3 : slocate-2.7-12.fc3.1 (2005-771)
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2005-346.NASL
  description: An updated slocate package that fixes a denial of service and various bugs is available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system. A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21925
  published: 2006-07-05
  reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/21925
  title: CentOS 4 : slocate (CESA-2005:346)
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRAKE_MDKSA-2005-147.NASL
  description: A bug was discovered in the way that slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its filesystem scan, resulting in an incomplete database.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19903
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19903
  title: Mandrake Linux Security Advisory : slocate (MDKSA-2005:147)
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2005-345.NASL
  description: An updated slocate package that fixes a denial of service and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system. A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21808
  published: 2006-07-03
  reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/21808
  title: CentOS 3 : slocate (CESA-2005:345)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2005-346.NASL
  description: An updated slocate package that fixes a denial of service and various bugs is available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system. A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19986
  published: 2005-10-11
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19986
  title: RHEL 4 : slocate (RHSA-2005:346)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2005-747.NASL
  description: An updated slocate package that fixes a denial of service issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a nightly-updated central database for files that match a given pattern. A bug was found in the way slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2499 to this issue. Users are advised to upgrade to this updated package, which includes a backported patch to resolve this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19490
  published: 2005-08-23
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19490
  title: RHEL 2.1 : slocate (RHSA-2005:747)
Oval
accepted | 2013-04-29T04:20:06.406-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. |
family | unix |
id | oval:org.mitre.oval:def:9538 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. |
version | 26 |
Redhat
advisories | |
rpms | |
References
- http://securitytracker.com/id?1014751
- http://www.osvdb.org/19034
- http://www.redhat.com/support/errata/RHSA-2005-345.html
- http://www.redhat.com/support/errata/RHSA-2005-346.html
- http://www.redhat.com/support/errata/RHSA-2005-747.html
- http://www.securityfocus.com/bid/14640
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22316
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9538