Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Quoting Phillip Hofmeister (firstname.lastname@example.org):
> From: "David Endler" <email@example.com>
> [...]In a default abuse installation in
> Debian Linux, both abuse.console and abuse.x11R6 can be used in
> exploitation; both files are set group id games, and abuse.console is
> set user id root.
What's this about? _____________________
> 2. Remove the setuid bit from the XaoS binary by executing the
> following command:
> # chmod -s /usr/lib/games/abuse/abuse.*
(noticing -rwsr-xr-x root root 378888 Jul 27 17:34 /usr/bin/xaos)
Email: firstname.lastname@example.org Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
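
Added example, not part of the original message or the advisory: a POSIX shell check that reports which of the paths named above (the advisory's abuse.* binaries and the /usr/bin/xaos noticed in the reply) carry setuid or setgid bits, so the result of `chmod -s` can be confirmed. The function names `suid_report` and `has_privileged_bits` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): audit setuid/setgid bits.
# Function names are hypothetical; paths at the bottom come from the thread.

# Print one line per existing regular file:
#   <path> uid=<n> gid=<n> <flags>
# flags: setuid-root | setuid | setgid | a comma-joined pair | none
suid_report() {
    for f in "$@"; do
        [ -f "$f" ] || continue              # skip unmatched globs and missing files
        # ls -ldn prints the numeric owner and group in fields 3 and 4
        ids=$(ls -ldn "$f" | awk '{print $3 ":" $4}')
        uid=${ids%%:*}
        gid=${ids##*:}
        flags=""
        if [ -u "$f" ]; then                 # test -u: setuid bit is set
            if [ "$uid" = 0 ]; then flags="setuid-root"; else flags="setuid"; fi
        fi
        if [ -g "$f" ]; then                 # test -g: setgid bit is set
            flags="${flags:+$flags,}setgid"
        fi
        printf '%s uid=%s gid=%s %s\n' "$f" "$uid" "$gid" "${flags:-none}"
    done
}

# Exit status 0 if any given path still carries a setuid or setgid bit.
has_privileged_bits() {
    suid_report "$@" | grep -qv ' none$'
}

# Paths taken from the thread; prints nothing where the packages are not installed.
suid_report /usr/lib/games/abuse/abuse.* /usr/bin/xaos
```

Run it before and after the advisory's `chmod -s` command; every line should end in `none` afterwards.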