Re: [ ** Snes9x buffer overflow vulnerability ** ]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

* Niels Heinen <zilli0n@gmx.net> [011016 10:55]:
> Affected version: v1.37 prior versions might also be affected. 
> Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux.  

Debian unstable's snes9x 1.39-1 packages do not have setuid set by
default.  I dont have any resources to check stable.

The version distributed with the Progeny package set is 1.29-2.  These
are also not set as setuid root.

Please, next time state the exact distribution you are testing against,
'Linux' isn't descriptive enough.

----
Debian unstable, 1.39-1:
-rwxr-xr-x    1 root     root       868360 Oct  9 18:53 /usr/bin/gsnes9x
-rwxr-xr-x    1 root     root       896520 Oct  9 18:53 /usr/bin/osnes9x
-rwxr-xr-x    1 root     root       847368 Oct  9 18:53 /usr/bin/ssnes9x
-rwxr-xr-x    1 root     root       884264 Oct  9 18:53 /usr/bin/snes9x

Progeny, 1.29-2:
-rwxr-xr-x    1 root     root      1072024 Jul 18  2000 /usr/bin/snes9x
-rwxr-xr-x    1 root     root       975416 Jul 18  2000 /usr/bin/ssnes9x

-- 
Scott Dier <dieman@ringworld.org> <sdier@debian.org>
http://www.ringworld.org/  #linuxos@irc.openprojects.net

PGP signature

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux