Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Quoting Phillip Hofmeister (plhofmei@zionlth.org):
> From: "David Endler" <dendler@idefense.com>
> [...]In a default abuse installation in
> Debian Linux, both abuse.console and abuse.x11R6 can be used in
> exploitation; both files are set group id games, and abuse.console is
> set user id root.
What's this about? _____________________
                                    vvvv
> 2. Remove the setuid bit from the XaoS binary by executing the
> following command:
>
> # chmod -s /usr/lib/games/abuse/abuse.*
(noticing -rwsr-xr-x root root 378888 Jul 27 17:34 /usr/bin/xaos)
             ^
Cheers,
--
Email: d.wright@open.ac.uk Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.