Re: [ ** Snes9x buffer overflow vulnerability ** ]

From: Scott Dier (diemanat_private)
Date: Tue Oct 16 2001 - 09:03:05 PDT

  • Next message: Mike Hoskins: "Re: [ ** Snes9x buffer overflow vulnerability ** ]" 

    * Niels Heinen <zilli0nat_private> [011016 10:55]:
> Affected version: v1.37 prior versions might also be affected. 
> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.  

Debian unstable's snes9x 1.39-1 packages do not have setuid set by
default.  I dont have any resources to check stable.

The version distributed with the Progeny package set is 1.29-2.  These
are also not set as setuid root.

Please, next time state the exact distribution you are testing against,
'Linux' isn't descriptive enough.

----
Debian unstable, 1.39-1:
-rwxr-xr-x    1 root     root       868360 Oct  9 18:53 /usr/bin/gsnes9x
-rwxr-xr-x    1 root     root       896520 Oct  9 18:53 /usr/bin/osnes9x
-rwxr-xr-x    1 root     root       847368 Oct  9 18:53 /usr/bin/ssnes9x
-rwxr-xr-x    1 root     root       884264 Oct  9 18:53 /usr/bin/snes9x

Progeny, 1.29-2:
-rwxr-xr-x    1 root     root      1072024 Jul 18  2000 /usr/bin/snes9x
-rwxr-xr-x    1 root     root       975416 Jul 18  2000 /usr/bin/ssnes9x

-- 
Scott Dier <diemanat_private> <sdierat_private>
http://www.ringworld.org/  #linuxosat_private

    This archive was generated by hypermail 2b30 : Tue Oct 16 2001 - 12:00:05 PDT