Re: Linux GNOME exploit

Brock Tellier <btellier@WEBLEY.COM> writes:

>     Virtually any program using the GNOME libraries is vulnerable to a
> buffer overflow attack.  The attack comes in the form:
> /path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer
> The following exploit should work against any GNOME program, though I
> tried it on (the irony) /usr/games/nethack, which is SGID root by default
> on RH6.0.  An attack on any program will look something like this:
> [xnec@redhack gnox]$ uname -a; cat /etc/redhat-release; id
> Linux redhack 2.2.9-19mdk #1 Wed May 19 19:53:00 GMT 1999 i686 unknown
> Linux Mandrake release 6.0 (Venus)

Humm it's not a RedHat bugs but a Mandrake one.

The fixed package is available from our updates mirror, see :

or launch MandrakeUpdate.

Nota the security is only with 6.0 version, since 6.1 the package was

We advice to remove completely the package from your system if you are
maniac of security (and who aren't ?).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]