Author: JT Smith
“When running slocate, users are able to specify a database of their own as a commandline parameter. A subtle vulnerability exists in slocate’s reading of these user-supplied databases that may allow a local user to execute arbitrary code with effective gid slocate.” Full details at SecurityFocus.com.
Category:
- Linux