Re: [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit
Martin Schulze wrote on Tue 14. 12. 2004 at 17:03 +0100:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 609-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> December 14th, 2004                     http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : atari800
> Vulnerability : buffer overflows
> Problem-Type : local
> Debian-specific: no
> CVE ID : CAN-2004-1076
>
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator. In order to directly access graphics hardware, one of
> the affected programs is installed setuid root. A local attacker
> could exploit this vulnerability to gain root privileges.
>
> For the stable distribution (woody) these problems have been fixed in
> version 1.2.2-1woody3.
>
> For the unstable distribution (sid) these problems will be fixed soon.
I got it fixed in Atari800 CVS. Guess it won't make you very happy. I
know I should have made a proper release already.
Petr