Vulnerabilities > CVE-2007-0227 - Local Information Disclosure vulnerability in Slocate 3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-425-1.NASL description A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory last seen 2020-06-01 modified 2020-06-02 plugin id 28018 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28018 title Ubuntu 6.06 LTS / 6.10 : slocate vulnerability (USN-425-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-425-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28018); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-0227"); script_xref(name:"USN", value:"425-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 : slocate vulnerability (USN-425-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's 'read' bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/425-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected slocate package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:slocate"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"slocate", pkgver:"3.0.beta.r3-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"slocate", pkgver:"3.1-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "slocate"); }NASL family Solaris Local Security Checks NASL id SOLARIS11_SLOCATE_20140415.NASL description The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7. (CVE-2007-0227) last seen 2020-06-01 modified 2020-06-02 plugin id 80771 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80771 title Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80771); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2007-0227"); script_name(english:"Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7. (CVE-2007-0227)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/cve-2007-0227-information-disclosure-vulnerability-in-slocate script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f0701602" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.18.5.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:slocate"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^slocate$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "slocate"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.18.0.5.0", sru:"SRU 11.1.18.5.0") > 0) flag++; if (flag) { error_extra = 'Affected package : slocate\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "slocate");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2012-244-05.NASL description New slocate packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 61752 published 2012-09-04 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61752 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : slocate (SSA:2012-244-05)
Statements
contributor Vincent Danen lastmodified 2007-01-19 organization Mandriva statement Not vulnerable. This issue does not affect the versions of slocate as shipped with Mandriva Linux 2007.0 or earlier. contributor Mark J Cox lastmodified 2007-01-18 organization Red Hat statement Not vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
References
- http://osvdb.org/33465
- http://www.securityfocus.com/archive/1/456489/100/0/threaded
- http://www.securityfocus.com/archive/1/456530/100/0/threaded
- http://www.securityfocus.com/archive/1/456593/100/0/threaded
- http://www.securityfocus.com/archive/1/456739/100/0/threaded
- http://www.securityfocus.com/archive/1/464220/30/7320/threaded
- http://www.securityfocus.com/bid/21989
- http://www.ubuntu.com/usn/usn-425-1