GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability
BID:24250
Info
GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability
| Bugtraq ID: | 24250 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2452 |
| Remote: | No |
| Local: | Yes |
| Published: | May 31 2007 12:00AM |
| Updated: | Jul 13 2010 04:17PM |
| Credit: | This issue was discovered by the GNU Findutils developers. |
| Vulnerable: |
HP Insight Control 6.0 HP Insight Control 0 GNU findutils 4.2.30 GNU findutils 4.2.29 GNU findutils 4.2.28 GNU findutils 4.2.27 GNU findutils 4.1 GNU findutils 4.0 |
| Not Vulnerable: |
HP Insight Control 6.1 GNU findutils 4.2.31 |
Discussion
GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability
GNU locate is prone to a local heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
Exploiting this issue allows local attackers to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the user running the affected application.
This issue affects GNU locate as found in GNU Findutils prior to 4.2.31.
GNU locate is prone to a local heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
Exploiting this issue allows local attackers to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the user running the affected application.
This issue affects GNU locate as found in GNU Findutils prior to 4.2.31.
Exploit / POC
GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability
Solution:
The vendor released an update to address this issue.
GNU findutils 4.0
GNU findutils 4.1
GNU findutils 4.2.27
GNU findutils 4.2.28
GNU findutils 4.2.29
GNU findutils 4.2.30
Solution:
The vendor released an update to address this issue.
GNU findutils 4.0
-
GNU findutils-4.2.31.tar.gz
http://ftp.gnu.org/pub/gnu/findutils/findutils-4.2.31.tar.gz
GNU findutils 4.1
-
GNU findutils-4.2.31.tar.gz
http://ftp.gnu.org/pub/gnu/findutils/findutils-4.2.31.tar.gz
GNU findutils 4.2.27
-
GNU findutils-4.2.31.tar.gz
http://ftp.gnu.org/pub/gnu/findutils/findutils-4.2.31.tar.gz
GNU findutils 4.2.28
-
GNU findutils-4.2.31.tar.gz
http://ftp.gnu.org/pub/gnu/findutils/findutils-4.2.31.tar.gz
GNU findutils 4.2.29
-
GNU findutils-4.2.31.tar.gz
http://ftp.gnu.org/pub/gnu/findutils/findutils-4.2.31.tar.gz
GNU findutils 4.2.30
-
GNU findutils-4.2.31.tar.gz
http://ftp.gnu.org/pub/gnu/findutils/findutils-4.2.31.tar.gz
References
GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability
References:
References: