Bugtraq mailing list archives
Re: [MSY] S(ecure)Locate heap corruption vulnerability
From: Seth Arnold <sarnold () WILLAMETTE EDU>
Date: Tue, 28 Nov 2000 13:29:10 -0800
* Michal Zalewski <lcamtuf () dione ids pl> [001128 13:14]:
I am impressed it hasn't been fixed yet. Amazing.
Quoting from: http://www.geekreview.org/slocate/ Changes v2.2: Fixed a segfault. If the environment variable LOCATE_PATH had an invalid slocate.db file path, slocate could segfault. Proper checking now takes place to fix this. I think this was fixed 00/06/22 -- but I am not entirely clear on how the dates line up with the versions mentioned. (And no, I don't know if the fix managed to break other items..) In the past, Kevin was very friendly and helpful when I contacted him. Unless that has changed I think getting fixes into new versions is pretty easy. :) -- ``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all really impressed down here, I can tell you.''
Current thread:
- [MSY] S(ecure)Locate heap corruption vulnerability Michel Kaempf (Nov 28)
- Re: [MSY] S(ecure)Locate heap corruption vulnerability Michal Zalewski (Nov 29)
- Re: [MSY] S(ecure)Locate heap corruption vulnerability Seth Arnold (Nov 30)
- Re: [MSY] S(ecure)Locate heap corruption vulnerability Olaf Kirch (Nov 29)
- Re: [MSY] S(ecure)Locate heap corruption vulnerability Michal Zalewski (Nov 29)