Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse

On Mon, Nov 04, 2002 at 01:36:36PM +0000, David Wright wrote:
> Quoting Phillip Hofmeister (plhofmei@zionlth.org):
> What's this about? _____________________
>                                     vvvv
> > 2. Remove the setuid bit from the XaoS binary by executing the
> > following command:
> > 
> > # chmod -s /usr/lib/games/abuse/abuse.*
> (noticing -rwsr-xr-x root root 378888 Jul 27 17:34 /usr/bin/xaos)
>              ^

Yikes.  I recommend:

    dpkg-statoverride --update --add root root 755 /usr/bin/xaos

This is permanent across upgrades, removals, and reinstalls of the xaos
package.  (--update tells statoverride to effect the change itself.)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
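
A follow-up check for the dpkg-statoverride advice above, as an added example that is not part of the original message: it lists setuid files under a directory and reports whether each one has a statoverride entry and whether that entry has taken effect on disk. The function names, the status labels and the OVERRIDE_FILE variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: classify setuid files under a directory by whether a
# dpkg-statoverride entry exists for them and whether it has been applied.

# Print overrides as "user group mode path" lines, the format of
# `dpkg-statoverride --list`. OVERRIDE_FILE is an assumption of this example:
# a saved copy of that listing, used so the check also runs off-box.
list_overrides() {
    if [ -n "${OVERRIDE_FILE:-}" ]; then
        cat "$OVERRIDE_FILE"
    elif command -v dpkg-statoverride >/dev/null 2>&1; then
        dpkg-statoverride --list || true   # exits 1 when no overrides exist
    fi
}

# For every setuid regular file below $1 print one line:
#   NO-OVERRIDE      no entry; a manual chmod -s is lost on the next upgrade
#   NOT-APPLIED      entry drops setuid but the file on disk still has it
#                    (for example, the entry was added without --update)
#   OVERRIDE-SETUID  entry exists and itself keeps the setuid bit
audit_setuid() {
    overrides=$(list_overrides)
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        # Field 3 is the octal mode; the path is everything after field 3.
        mode=$(printf '%s\n' "$overrides" | P="$f" awk '
            { m = $3; sub(/^[^ ]+ +[^ ]+ +[^ ]+ +/, "")
              if ($0 == ENVIRON["P"]) { print m; exit } }')
        if [ -z "$mode" ]; then
            echo "NO-OVERRIDE $f"
        elif [ $(( 0$mode & 04000 )) -ne 0 ]; then
            echo "OVERRIDE-SETUID $f"
        else
            echo "NOT-APPLIED $f"
        fi
    done
}

# Run as: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```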

