
Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse



Quoting Phillip Hofmeister (plhofmei@zionlth.org):
> From: "David Endler" <dendler@idefense.com>
> [...]In a default abuse installation in
> Debian Linux, both abuse.console and abuse.x11R6 can be used in
> exploitation; both files are set group id games, and abuse.console is
> set user id root.

What's this about? _____________________
                                    vvvv

> 2. Remove the setuid bit from the XaoS binary by executing the
> following command:
> 
> # chmod -s /usr/lib/games/abuse/abuse.*

(noticing -rwsr-xr-x root root 378888 Jul 27 17:34 /usr/bin/xaos)
             ^

Cheers,

-- 
Email:  d.wright@open.ac.uk   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.


