Bugtraq mailing list archives
Re: [ ** Snes9x buffer overflow vulnerability ** ]
From: Roman Drahtmueller <draht () suse de>
Date: Tue, 16 Oct 2001 18:57:32 +0200 (MEST)
Affected version: v1.37; prior versions might also be affected.
Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.

A buffer overflow vulnerability exists in the snes9x emulator. The problem is that rom names given as an argument upon execution of the program are not processed correctly and can be used to trigger a buffer overflow. On many systems snes9x has been installed setuid root (also recommended by the developers in the readme). This is so it can access /dev/mem, which is required to run the program in full screen mode. The setuid root bit gives the program the ability to perform actions with the privileges of root; in other words, exploiting this issue can lead to root access.

[ ** Exploit information ** ]
[snip]

SuSE distributions 6.3 and up contain the snes9x emulator package. We determined that a setuid-root bit is too risky, so none of the packages contain a file that is installed setuid root. SuSE Linux distributions are therefore not vulnerable to the problem.
[ ** Fix information ** ]

Upgrade your snes9x package to the latest version if you want to use it setuid root: http://www.snes9x.com

zillion
Thanks,
Roman Drahtmüller,
SuSE Security.
--
Roman Drahtmüller <draht () suse de>
SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530

"You don't need eyes to see, you need vision!"
Maxi Jazz, Faithless
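An added example, not part of the original posts and not snes9x code: a hypothetical setuid program that gives up root before it touches the ROM name and rejects a name that does not fit its buffer instead of copying it unbounded. `ROM_PATH_MAX`, `copy_rom_name` and `drop_privileges` are names assumed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define ROM_PATH_MAX 256 /* assumed buffer size, not taken from snes9x */

/* Copy a ROM name from argv into a fixed buffer.
 * Returns 0 on success, -1 if the name is missing, empty or would not fit.
 * Over-long names are rejected, never truncated or copied unbounded. */
int copy_rom_name(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0 || src == NULL || src[0] == '\0')
        return -1;
    int n = snprintf(dst, dstsz, "%s", src);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0'; /* leave no partial name behind */
        return -1;
    }
    return 0;
}

/* Permanently give up setuid-root privileges. Intended to run right after
 * the privileged resource (e.g. /dev/mem) is opened and before any
 * user-supplied argument is parsed. Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* A non-root real user must not be able to get root back. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char rom[ROM_PATH_MAX];
    /* A real program would open its privileged device here, then drop. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges\n");
        return 1;
    }
    if (argc < 2 || copy_rom_name(rom, sizeof rom, argv[1]) != 0) {
        fprintf(stderr, "usage: %s <rom-file> (name missing or too long)\n", argv[0]);
        return 1;
    }
    printf("loading %s\n", rom);
    return 0;
}
```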
Current thread:
- [ ** Snes9x buffer overflow vulnerability ** ] Niels Heinen (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Roman Drahtmueller (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Scott Dier (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Alistair Crooks (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Christian Surchi (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Mike Hoskins (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Heikki Korpela (Oct 16)