[23918] in bugtraq
Re: Eterm SGID utmp Buffer Overflow (Local)
daemon@ATHENA.MIT.EDU (Michael Jennings)
Mon Jan 21 16:37:41 2002
Date: Mon, 21 Jan 2002 14:24:37 -0500
From: Michael Jennings <mej@kainx.org>
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
"vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>
Message-ID: <20020121192437.GA16555@kainx.org>
Mail-Followup-To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
"vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3C41A075.84B58708@bokeoa.com>

On Sunday, 13 January 2002, at 07:57:57 (-0700),
Charles 'core' Stevenson wrote:

> I found this last night looking for suids to overflow. Tested on
> Debian PowerPC Unstable. Yields gid utmp from which higher
> privileges could be gained with a little effort. I haven't looked
> too close but I think the overflow might be in imlib2.

Imlib2 1.0.5 has been released to fix this bug. The source tarball
may be downloaded immediately from:

http://prdownloads.sourceforge.net/enlightenment/

The SRPM and i386 binary RPM's may also be downloaded from this
location, and I believe Debian unstable should already have the new
package as of last night's update.

My apologies to PPC users directly affected by this, but Apple has yet
to donate a PowerMac to the cause, so I can't build PPC RPM's.... :-)

Thanks to Mr. Stevenson for locating this problem and for verifying
the fix.

Regards,
Michael

--
Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <mej@kainx.org>
n+1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
"Sorry, but my karma just ran over your dogma." -- Unknown