Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit

2004-12-14 Thread Joey Hess
Martin Schulze wrote:
> For the stable distribution (woody) these problems have been fixed in
> version 1.2.2-1woody3.
>
> For the unstable distribution (sid) these problems will be fixed soon.

Actually, according to
http://marc.theaimsgroup.com/?l=bugtraq&m=110149441815270&w=2 upstream
version 1.3.2 in sid/sarge is not vulnerable.

-- 
see shy jo




Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit

2004-12-14 Thread Robert Millan
On Tue, Dec 14, 2004 at 05:03:01PM +0100, Martin Schulze wrote:
 
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator.  In order to directly access graphics hardware, one of
> the affected programs is installed setuid root.  A local attacker
> could exploit this vulnerability to gain root privileges.

I wonder if we could have some sort of policy to prevent this kind of silly
bug.  It doesn't make sense to use root privs for displaying graphics when
we have privilege separation layers like SDL and X.

-- 
 .''`.   Proudly running Debian GNU/kFreeBSD unstable/unreleased (on UFS2+S)
: :' :
`. `'    http://www.debian.org/ports/kfreebsd-gnu
  `-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Olivier PIANG-SIONG/UTI/IDF/DEPT/EDFGDF/FR is absent.

2004-12-14 Thread Olivier PIANG-SIONG
I will be absent from 13/12/2004 to 10/01/2005.

I will reply to your message when I return.
In case of absence, please contact the following number: 01 43 69 76 61

Regards



test

2004-12-14 Thread Paulo Gravito
test

-- 
  _
 ( -Paulo Gravito  
 /~\   
|  \)   
 \_|_  





Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit

2004-12-14 Thread Petr Stehlik
Martin Schulze wrote on Tue, 14. 12. 2004 at 17:03 +0100:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --
> Debian Security Advisory DSA 609-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> December 14th, 2004 http://www.debian.org/security/faq
> - --
>
> Package: atari800
> Vulnerability  : buffer overflows
> Problem-Type   : local
> Debian-specific: no
> CVE ID : CAN-2004-1076
>
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator.  In order to directly access graphics hardware, one of
> the affected programs is installed setuid root.  A local attacker
> could exploit this vulnerability to gain root privileges.
>
> For the stable distribution (woody) these problems have been fixed in
> version 1.2.2-1woody3.
>
> For the unstable distribution (sid) these problems will be fixed soon.

I got it fixed in Atari800 CVS. Guess it won't make you very happy. I
know I should have made a proper release already.

Petr


