Privilege Escalation in GNU Locate on Slackware 7.1 and 8.0
CVE-2001-1036

Currently unrated

Key Information:

Vendor: Gnu
Status: Findutils
Vendor: CVE Published:; 31 August 2001

Summary

GNU Locate, a component of findutils version 4.1, on Slackware versions 7.1 and 8.0 is susceptible to a local privilege escalation vulnerability. This flaw occurs when the system processes an improperly formatted filename database (locatedb) that includes an entry with an out-of-range offset. As a result, the 'locate' command may inadvertently write to arbitrary process memory, thus enabling local users to escalate their privileges. This issue poses significant security risks in multi-user environments.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6932

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3127

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/200991

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Jan 31, 2002
Vulnerability published
Aug 31, 2001