Info

Disclosure

Aug 01, 2001

Discovery

Unknown

Dates

Exploit

Aug 01, 2001

Solution

Unknown

Description

A local buffer overflow exists in the GNU findutils locate command. The locate command fails to check input in the old locate database format resulting in a potential buffer overflow. With a specially crafted entry in such a database file, an attacker can cause execution of code resulting in a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

GNU	findutils	4.0
		4.1

References

CVE ID: 2001-1036 (see also: NVD)
Exploit Database: 21043
Bugtraq ID: 3127
ISS X-Force ID: 6932
Other Advisory URL: http://www.securityfocus.com/archive/1/200991

Credit

Josh Smith - joshviper.falcon-networks.com -

Direct URL: http://osvdb.org/5477