CVE-2003-0848

slocate <2.6 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Patrik Hornik · clocallinux

https://www.exploit-db.com/exploits/23228

View Code ZIP pw:eip

References (23)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2004-040.html

[Various Sources] http://www.ebitech.sk/patrik/SA/SA-20031006.txt

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-428

[Mailing List] http://marc.info/?l=bugtraq&m=106589631819348&w=2

[Third Party Advisory] http://secunia.com/advisories/10683

[Third Party Advisory] http://secunia.com/advisories/9962/

[Vendor Advisory] http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033

[Third Party Advisory] http://secunia.com/advisories/10670

[Mailing List] http://marc.info/?l=bugtraq&m=106546447321274&w=2

[Third Party Advisory] http://secunia.com/advisories/10698

[Vendor Advisory] http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821

[Third Party Advisory] http://secunia.com/advisories/10702

[Various Sources] ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-041.html

[Various Sources] http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt

[Third Party Advisory] http://secunia.com/advisories/10720

... and 3 more

Scores

EPSS 0.0037

EPSS Percentile 58.9%

Details

Status published

Products (6)

slocate/slocate 2.1

slocate/slocate 2.2

slocate/slocate 2.3

slocate/slocate 2.4

slocate/slocate 2.5

slocate/slocate 2.6

Published Nov 17, 2003

Tracked Since Feb 18, 2026