[22871] in bugtraq
Re: [ ** Snes9x buffer overflow vulnerability ** ]
daemon@ATHENA.MIT.EDU (Mike Hoskins)
Tue Oct 16 16:17:47 2001
Date: Tue, 16 Oct 2001 12:05:13 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: Niels Heinen <zilli0n@gmx.net>
Cc: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>
In-Reply-To: <21110.1003243054@www54.gmx.net>
Message-ID: <20011016120127.H22465-100000@snafu.adept.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 16 Oct 2001, Niels Heinen wrote:
> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.
Version(s)?
mike@mojo{mike}$ uname -a
FreeBSD mojo.televoke.net 4.4-STABLE FreeBSD 4.4-STABLE #5: Tue Sep 18 16:11:35
PDT 2001 mike@mojo.televoke.net:/usr/obj/usr/src/sys/MOJO i386
mike@mojo{mike}$ ls -al /usr/X11R6/bin/snes9x
-r-xr-xr-x 1 root wheel 1718336 Jun 25 11:08 /usr/X11R6/bin/snes9x*
mike@mojo{mike}$ pkg_info|grep snes
snes9x-1.37c Super Nintendo Entertainment System(SNES) Emulator
This was installed from ports and did not have SUID set by default.
Still, it is a find. Good work, but does anyone set SUID beside those
reading the README and following the developer's suggestions (curious)?
Later,
-Mike
--
"Information may want to be free, but fiber optic cable wants to be
a million US dollars per mile." --Shawn McMahon
