November 28, 2000

Secure Locate heap corruption vulnerability

Author: JT Smith

"When running slocate, users are able to specify a database of their own as a commandline parameter. A subtle vulnerability exists in slocate's reading of these user-supplied databases that may allow a local user to execute arbitrary code with effective gid slocate." Full details at


  • Linux
Click Here!