[22869] in bugtraq
Re: [ ** Snes9x buffer overflow vulnerability ** ]
daemon@ATHENA.MIT.EDU (Scott Dier)
Tue Oct 16 13:07:20 2001
Date: Tue, 16 Oct 2001 11:03:05 -0500
From: Scott Dier <dieman@ringworld.org>
To: Niels Heinen <zilli0n@gmx.net>
Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Message-ID: <20011016110305.C21884@ringworld.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="oTHb8nViIGeoXxdp"
Content-Disposition: inline
In-Reply-To: <21110.1003243054@www54.gmx.net>
--oTHb8nViIGeoXxdp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Niels Heinen <zilli0n@gmx.net> [011016 10:55]:
> Affected version: v1.37 prior versions might also be affected.=20
> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux. =20
Debian unstable's snes9x 1.39-1 packages do not have setuid set by
default. I dont have any resources to check stable.
The version distributed with the Progeny package set is 1.29-2. These
are also not set as setuid root.
Please, next time state the exact distribution you are testing against,
'Linux' isn't descriptive enough.
----
Debian unstable, 1.39-1:
-rwxr-xr-x 1 root root 868360 Oct 9 18:53 /usr/bin/gsnes9x
-rwxr-xr-x 1 root root 896520 Oct 9 18:53 /usr/bin/osnes9x
-rwxr-xr-x 1 root root 847368 Oct 9 18:53 /usr/bin/ssnes9x
-rwxr-xr-x 1 root root 884264 Oct 9 18:53 /usr/bin/snes9x
Progeny, 1.29-2:
-rwxr-xr-x 1 root root 1072024 Jul 18 2000 /usr/bin/snes9x
-rwxr-xr-x 1 root root 975416 Jul 18 2000 /usr/bin/ssnes9x
--=20
Scott Dier <dieman@ringworld.org> <sdier@debian.org>
http://www.ringworld.org/ #linuxos@irc.openprojects.net
--oTHb8nViIGeoXxdp
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
iD8DBQE7zFo5yXQl+65LXZIRAiBAAJ9nBnsYp+46oDOVvJhIoMydUhcB6ACeI2oz
C4v+h0l9IUzR7Td4hGlWB0A=
=Adze
-----END PGP SIGNATURE-----
--oTHb8nViIGeoXxdp--
