Bug 222659 - CVE-2007-0227 Slocate file name disclosure
Summary: CVE-2007-0227 Slocate file name disclosure
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: slocate
Version: 3.0
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact: Brock Organ
URL: http://www.securityfocus.com/archive/...
Whiteboard: impact=low,source=cve,reported=200701...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-01-15 15:49 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-15 16:32:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Lubomir Kundrak 2007-01-15 15:49:40 UTC 
Description of problem:

Slocate reveals names of files in directories, that are not
readable, but are searchable by the user calling slocate.

Version-Release number of selected component (if applicable):

Affects: RHEL2.1
Affects: RHEL3

How reproducible:

Always

Steps to Reproduce:

# cd /root
# mkdir dir
# chmod 711 dir
# touch dir/secret-file
# updatedb -U /root/dir
# su - other
$ slocate secret-f
  
Actual results:

/root/dir/secret-file

Expected results:

Child criminality rate decrease.

Additional info:

Reportedly affects just <=2.6
Comment 1 Miloslav Trmač 2007-01-15 16:32:11 UTC 
All RHEL versions use slocate 2.7 (slocate-2.7-1.el2.1, slocate-2.7-3.RHEL3.6)
and check_path_access() does correctly check all directories on the path are
readable.

BTW, slocate 2.6 seems to use the same - correct - check.
Note You need to log in before you can comment on or make changes to this bug.