Re: [ ** Snes9x buffer overflow vulnerability ** ]

[Mike Hoskins <mike () adept org>]

On Tue, 16 Oct 2001, Niels Heinen wrote:

> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.

Version(s)?

mike@mojo{mike}$ uname -a
FreeBSD mojo.televoke.net 4.4-STABLE FreeBSD 4.4-STABLE #5: Tue Sep 18 16:11:35
PDT 2001     mike () mojo televoke net:/usr/obj/usr/src/sys/MOJO  i386
mike@mojo{mike}$ ls -al /usr/X11R6/bin/snes9x
-r-xr-xr-x   1 root     wheel     1718336 Jun 25 11:08 /usr/X11R6/bin/snes9x*
mike@mojo{mike}$ pkg_info|grep snes
snes9x-1.37c        Super Nintendo Entertainment System(SNES) Emulator

This was installed from ports and did not have SUID set by default.

Still, it is a find.  Good work, but does anyone set SUID beside those
reading the README and following the developer's suggestions (curious)?

Later,
-Mike

--
"Information may want to be free, but fiber optic cable wants to be
 a million US dollars per mile."  --Shawn McMahon