CVE-2001-1036

Description

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Affected products

gnu / findutils4.0 – 4.0
gnu / findutils4.1 – 4.1
slackware / slackware_linux7.1 – 7.1
slackware / slackware_linux8.0 – 8.0

References

MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6932
MISChttp://www.securityfocus.com/bid/3127
MISChttp://www.securityfocus.com/archive/1/200991
MISChttp://www.osvdb.org/5477