[22870] in bugtraq
Re: [ ** Snes9x buffer overflow vulnerability ** ]
daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Tue Oct 16 13:56:43 2001
Date: Tue, 16 Oct 2001 18:57:32 +0200 (MEST)
From: Roman Drahtmueller <draht@suse.de>
To: <vulnwatch@vulnwatch.org>, <bugtraq@securityfocus.com>
Cc: <security@suse.de>
In-Reply-To: <21110.1003243054@www54.gmx.net>
Message-ID: <Pine.LNX.4.33.0110161853160.14546-100000@dent.suse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
> Affected version: v1.37; prior versions might also be affected.
> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.
>
> A buffer overflow vulnerability exists in the snes9x emulator. The
> problem is that rom names given as an argument upon execution of
> the program are not processed correctly and can be used to trigger
> a buffer overflow.
>
> On many systems the snes9x has been installed setuid root (also
> recommended by the developers in the readme). This is so it can access
> /dev/mem, which is required to run the program in full screen mode.
> The setuid root bit gives the program the ability to perform actions
> with the privileges of root; in other words, exploiting this issue
> can lead to root access.
>
> [ ** Exploit information ** ]
[snip]
SuSE distributions 6.3 and up contain the snes9x emulator package.
We determined that a setuid-root bit is too risky, so none of the packages
contain a file that is installed setuid root.
SuSE Linux distributions are therefore not vulnerable to the problem.
> [ ** Fix information ** ]
>
> Upgrade your snes9x package to the latest version if you want to use
> it setuid root: http://www.snes9x.com
> zillion
Thanks,
Roman Drahtmüller,
SuSE Security.
--
- -
| Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, |
| SuSE GmbH - Security Phone: // you need vision!" |
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
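
The two defensive points raised in this thread (a ROM name from the command line must not overrun a fixed buffer, and root is only needed to open /dev/mem) can be sketched in C. This is an added example, not part of the original messages and not snes9x code; `ROM_NAME_MAX`, `copy_rom_name` and `drop_privileges` are hypothetical names, and the buffer size is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ROM_NAME_MAX 256 /* assumed size, not taken from snes9x */

/* Copy argv's ROM name into a fixed buffer; reject (never truncate or
 * overflow) when it does not fit. Returns 0 on success, -1 otherwise. */
int copy_rom_name(char *dst, size_t dstsize, const char *src)
{
    const char *end;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    end = memchr(src, '\0', dstsize);   /* NUL within dstsize bytes? */
    if (end == NULL)
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Permanently give up setuid privileges: group first, then user, then
 * verify that root cannot be regained. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    char rom[ROM_NAME_MAX];
    int memfd = open("/dev/mem", O_RDWR); /* the only step needing root */
    if (drop_privileges() != 0)
        return 1;                          /* never continue privileged */
    if (argc < 2 || copy_rom_name(rom, sizeof rom, argv[1]) != 0) {
        fprintf(stderr, "missing or over-long ROM name\n");
        return 1;
    }
    printf("would load %s (memfd=%d)\n", rom, memfd);
    if (memfd >= 0) close(memfd);
    return 0;
}
```

With this ordering, argument parsing runs without root, so a parsing bug no longer executes with root privileges; installing the binary without the setuid bit, as the SuSE packages do, removes the privilege entirely.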