Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: SuSE 6.3 Gnomelib buffer overflow
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Wed, 3 May 2000 13:31:21 +0200 (MEST)
  • Message-id: <Pine.LNX.4.05.10005031259340.28843-100000@xxxxxxxxxxxxxx>
SuSE 6.3 includes just one SUGID gnome app and that's
/opt/gnome/sbin/gnome-pty-helper, which is setgid tty.
Only SuSE 6.4 includes setgid gnome games but it is
_not_ vulnerable to this exploit.

This bug doesn't depend on the Linux distributor, it
depends on the gnome version.
I think older releases of the other Linux vendors
are also vulnerable... so, take care.

We are working for a patch... stay tuned.

Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@xxxxxxx Function: Security Support & Auditing
"lynx -source | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47

< Previous Next >
This Thread
  • No further messages