Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit
From: Petr Stehlik <pstehlik@sophics.cz>
Date: Tue, 14 Dec 2004 21:57:01 +0100
Message-id: <[🔎] 1103057821.10462.4.camel@joy.home>
In-reply-to: <m1CeF8f-000pyOC@finlandia.Infodrom.North.DE>
References: <m1CeF8f-000pyOC@finlandia.Infodrom.North.DE>

Martin Schulze píše v Út 14. 12. 2004 v 17:03 +0100:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 609-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> December 14th, 2004                     http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : atari800
> Vulnerability  : buffer overflows
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CAN-2004-1076
> 
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator.  In order to directly access graphics hardware, one of
> the affected programs is installed setuid root.  A local attacker
> could exploit this vulnerability to gain root privileges.
> 
> For the stable distribution (woody) these problems have been fixed in
> version 1.2.2-1woody3.
> 
> For the unstable distribution (sid) these problems will be fixed soon.

I got it fixed in Atari800 CVS. Guess it won't make you much happy. I
know I should have made a proper release already.

Petr

Reply to:

Prev by Date: Olivier PIANG-SIONG/UTI/IDF/DEPT/EDFGDF/FR est absent(e).
Next by Date: test
Previous by thread: Olivier PIANG-SIONG/UTI/IDF/DEPT/EDFGDF/FR est absent(e).
Next by thread: test
Index(es):
- Date
- Thread