OSVDB ID: 5477

Title: GNU findutils locate Memory Write Privilege Escalation

Info

Disclosure

Aug 01, 2001

Discovery

Unknown

Dates

Exploit

Aug 01, 2001

Solution

Unknown

Description

A local buffer overflow exists in the GNU findutils locate command. The locate command fails to check input in the old locate database format resulting in a potential buffer overflow. With a specially crafted entry in such a database file, an attacker can cause execution of code resulting in a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

GNU

findutils

4.0
4.1

References

Credit

  • Josh Smith - joshviper.falcon-networks.com -


Direct URL: http://osvdb.org/5477