Re: [ ** Snes9x buffer overflow vulnerability ** ]

[Roman Drahtmueller <draht () suse de>]

> Affected version: v1.37 prior versions might also be affected.
> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.
>
> A buffer overflow vulnerability exists in the snes9x emulator. The
> problem is that rom names given as an argument upon execution of
> the program are not processed correctly and can be used to trigger
> a buffer overflow.
>
> On many systems the snes9x has been installed setuid root (also
> recommended by the developers in the readme. This so it can access
> /dev/mem which is required to run the program in full screen mode.
> The setuid root bit gives the program the ability to perform actions
> with the privileges of root with other words: exploiting this issue
> can lead to root access.
>
> [ ** Exploit information ** ]

[snip]

SuSE distributions 6.3 and up contain the snes9x emulator package.

We determined that a setuid-root bit is too risky, so none of the packages
contain a file that is installed setuid root.

SuSE Linux distributions are therefore not vulnerable to the problem.

> [ ** Fix information ** ]
>
> Upgrade your snes9x package to the latest version if you want to use
> it setuid root: http://www.snes9x.com
> zillion


Thanks,
Roman Drahtmüller,
SuSE Security.
-- 
 -                                                                      -
| Roman Drahtmüller      <draht () suse de> // "You don't need eyes to see, |
  SuSE GmbH - Security           Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -