(Everything below from SecurityFocus's Linux Newsletter; it's an upstream issue, but the homepage for slocate hasn't been updated since 2003)

Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14640

Summary:
slocate is susceptible to a local database corruption vulnerability. This issue is due to a failure of the application to handle unexpected directory and filename input.

This issue presents itself when the affected utility attempts to index specially crafted directory structures. The utility fails to handle the directory structure, and fails to complete the indexing process.

This vulnerability allows local attackers to cause the premature failure of the index process, resulting in an incomplete database. If the database is used in further security, backup, or other critical functions, incomplete data may result in the failure of services dependent on it.

This issue is reported in version 2.7 of slocate, but other versions may also be affected.

Reproducible: Always
I find this one rather lame. A local user would create database structures (which would trace the fault back to him) just to interrupt the indexing process, resulting in a partial DoS of the slocate facility... "If the database is used in further security, backup, or other critical functions, incomplete data may result in the failure of services dependent on it." Yeah right. I guess we can fix it... but the security implication doesn't seem that obvious to me.
Concur with koon, fail to see any security impact from this bug. A user may be able to cause a minor annoyance that can easily be tracked down and the user held responsible. Reassigning to base-system who can decide how to deal with it.
grabbed patch from Fedora and added to 2.7-r8