Bugtraq mailing list archives
Re: [ ** Snes9x buffer overflow vulnerability ** ]
From: Scott Dier <dieman () ringworld org>
Date: Tue, 16 Oct 2001 11:03:05 -0500
* Niels Heinen <zilli0n () gmx net> [011016 10:55]:
Affected version: v1.37 prior versions might also be affected. Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.
Debian unstable's snes9x 1.39-1 packages do not have setuid set by default. I dont have any resources to check stable. The version distributed with the Progeny package set is 1.29-2. These are also not set as setuid root. Please, next time state the exact distribution you are testing against, 'Linux' isn't descriptive enough. ---- Debian unstable, 1.39-1: -rwxr-xr-x 1 root root 868360 Oct 9 18:53 /usr/bin/gsnes9x -rwxr-xr-x 1 root root 896520 Oct 9 18:53 /usr/bin/osnes9x -rwxr-xr-x 1 root root 847368 Oct 9 18:53 /usr/bin/ssnes9x -rwxr-xr-x 1 root root 884264 Oct 9 18:53 /usr/bin/snes9x Progeny, 1.29-2: -rwxr-xr-x 1 root root 1072024 Jul 18 2000 /usr/bin/snes9x -rwxr-xr-x 1 root root 975416 Jul 18 2000 /usr/bin/ssnes9x -- Scott Dier <dieman () ringworld org> <sdier () debian org> http://www.ringworld.org/ #linuxos () irc openprojects net
Attachment:
_bin
Description:
Current thread:
- [ ** Snes9x buffer overflow vulnerability ** ] Niels Heinen (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Roman Drahtmueller (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Scott Dier (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Alistair Crooks (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Christian Surchi (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Mike Hoskins (Oct 16)
- Re: [ ** Snes9x buffer overflow vulnerability ** ] Heikki Korpela (Oct 16)