Bug 104378 - sys-apps/slocate Local Database Corruption Vulnerability (CAN-2005-2499)
Bug#: 104378 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: base-system@gentoo.org Reported By: TenToThe8th@yahoo.com
Component: Applications
URL:  http://www.securityfocus.com/bid/14640
Summary: sys-apps/slocate Local Database Corruption Vulnerability (CAN-2005-2499)
Keywords:  
Status Whiteboard: 
Opened: 2005-08-31 06:46 0000
Description:   Opened: 2005-08-31 06:46 0000 
(Everything below from SecurityFocus's Linux Newsletter; it's an upstream
issue,
but the homepage for slocate hasn't been updated since 2003)

Date Published: 2005-08-23                                                     

Relevant URL: http://www.securityfocus.com/bid/14640                           

Summary:                                                                       

slocate is susceptible to a local database corruption vulnerability. This      

issue is due to a failure of the application to handle unexpected directory    

and filename input.                                                            



This issue presents itself when the affected utility attempts to index         

specially crafted directory structures. The utility fails to handle the        

directory structure, and fails to complete the indexing process.               



This vulnerability allows local attackers to cause the premature failure of    

the index process, resulting in an incomplete database. If the database is     

used in further security, backup, or other critical functions, incomplete      

data may result in the failure of services dependent on it.                    



This issue is reported in version 2.7 of slocate, but other versions may       

also be affected.                                                              


Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-08-31 07:58:04 0000 ------- 
I find this one rather lame. 

A local user would create database structures (which would trace the fault back
to him) just to interrupt the indexing process, resulting in a partial DoS of
the slocate facility... "If the database is used in further security, backup, or
other critical functions, incomplete data may result in the failure of services
dependent on it.". Yeah right.

I guess we can fix it... but the security implication doesn't seem that obvious
to me.

------- Comment #2 From Tavis Ormandy (RETIRED) 2005-09-01 01:12:31 0000 ------- 
Concur with koon, fail to see any security impact from this bug. A user may be 
able to cause a minor annoyance that can easily be tracked down and the user 
held responsible.

Reassigning to base-system who can decide how to deal with it.

------- Comment #3 From SpanKY 2005-09-13 16:43:46 0000 ------- 
grabbed patch from Fedora and added to 2.7-r8