Arbitrary Memory Write Vulnerability in GNU Locate

Arbitrary Memory Write Vulnerability in GNU Locate

CVE-2001-1036 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Learn more about our User Device Pen Test.