Re: slocate vulnerability

From: Barry K. Nathan <barryn(at)pobox.com>
Date: Thu Jan 30 2003 - 06:50:46 EST

On Wed, Jan 29, 2003 at 10:49:22PM +1000, Adam Gilmore wrote:

> Below is an advisory on a buffer overflow in slocate 2.6.1.  I can't
> replicate the same error in gdb as the advisory and I don't believe it's
> a buffer overflow at all.

[snip]

Here's what I'm getting on a Mandrake 9.0 box (running under a Connectix Virtual PC for Windows 5.1 trial, FWIW):

(gdb) run -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
Starting program: /usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
warning: slocate: could not open database: /var/lib/slocate/slocate.db: Permission denied
warning: You need to run the 'updatedb' command (as root) to create the database.
warning: slocate: decode_db():
ÀŠr@ÀŠr@ÈŠr@ÈŠr@Њr@Њr@ØŠr@ØŠr@àŠr@àŠr@èŠr@èŠr@ð directory warning: You need to run the 'updatedb' command (as root) to create the database.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x40097b9b in strlen () from /lib/i686/libc.so.6
(gdb) bt
#0 0x40097b9b in strlen () from /lib/i686/libc.so.6
#1 0x4006aec0 in vfprintf () from /lib/i686/libc.so.6
#2 0x40088b94 in vsnprintf () from /lib/i686/libc.so.6
#3 0x0804ca07 in strcpy ()
#4 0x0804b5cf in strcpy ()
#5 0x0804bd99 in strcpy ()
#6 0x4003b082 in __libc_start_main () from /lib/i686/libc.so.6

If I just run it from the command prompt without going through gdb:

$ /usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
warning: slocate: warning: database /var/lib/slocate/slocate.db' is more than 8 days old
Segmentation fault

-Barry K. Nathan <barryn@pobox.com>

Received on Thu Jan 30 11:37:36 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT
