Privilege Escalation in GNU Locate on Slackware 7.1 and 8.0
CVE-2001-1036
Currently unrated
Summary
GNU Locate, a component of findutils version 4.1, on Slackware versions 7.1 and 8.0 is susceptible to a local privilege escalation vulnerability. This flaw occurs when the system processes an improperly formatted filename database (locatedb) that includes an entry with an out-of-range offset. As a result, the 'locate' command may inadvertently write to arbitrary process memory, thus enabling local users to escalate their privileges. This issue poses significant security risks in multi-user environments.
References
Timeline
Vulnerability Reserved
Vulnerability published