CVE-2007-0227

NameCVE-2007-0227
Descriptionslocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs411937

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
slocatesourcesarge(not affected)
slocatesource(unstable)3.1-1.1low411937

Notes

[sarge] - slocate <not-affected> (Performs correct access checks)
[etch] - slocate <no-dsa> (Minor issue)
slocate will allow users to find files in directories with the
executable bit set but without the readable bit set. This is
an information leak.
Search for package or bug name: Reporting problems