http://linuxtoday.com/security/2004012602726SCRH Attaching patch hither; and working on a GLSA.
Created attachment 24465 [details, diff] Patch [CAN-2003-0848]
Does it strike anyone else that the overflow should actually be fixed in addition to dropping privs? I don't think this is a complete solution.
It seems that RedHat et al. may have not read things properly: http://www.ebitech.sk/patrik/SA/SA-20031006.txt says that ``slocate version 2.6 and below is vulnerable. slocate version 2.7 and all packages based on this version are not vulnerable.'' Meanwhile http://linuxtoday.com/security/2004012602726SCRH says that 2.7 is vulnerable. === True; but as this is an overflow I'm not sure if you can do much other than do more bound checking, which is essentially what dropping privileges does, as it prevents bad databases from going in, which so far seems to be the only attack vector. >> Suggested and correct patch is to change condition on line 1263 to pathlen <= 0. << See http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt for more details.
Did somebody recently clean up slocate in CVS? The only thing I see in there is 2.7*, which was never supposed to be vuln in the first place. If that's the case then this bug is INVALID.
If that's not the case ^
I guess this is INVALID then as we seem to have no confirmation of 2.7 being vulnerable :-)
It's hard to tell one way or the other. Let's just keep current :)