Steve Langasek wrote:
> On Wed, Apr 05, 2006 at 11:00:16AM +0200, Moritz Muehlenhoff wrote:
> > Steve Langasek wrote:
> > > > > This bug has been pending for more than two months and no fix in
> > > > > Debian
> > > > > yet... Does Bruno still track his bugs?
>
> > > > > Here is two patches for both Sarge and Sid versions.
>
> > > > > Pierre Riteau
>
> > > > > (CC'ing [EMAIL PROTECTED] for the stable fix, and the
> > > > > Co-Maintainer as I don't know if he receives BTS replies)
> > > > > (Email address in previous message for tagging is wrong, I was playing
> > > > > with bts thinking it wouldn't commit the changes)
>
> > > > Xmame is non-free and thus not supported by the Security Team.
> > > > (Only the relatively obscure -svgalib version is affected, anyway.)
>
> > > Is it the case that this bug doesn't affect the other frontends *at all*,
> > > or
> > > just that, not being suid root, it's just an arbitrary code execution bug
> > > instead of a root exploit?
>
> > It's a local vulnerability, the only security ramification would be a
> > privilege escalation:
>
> If untrusted input can trigger arbitrary code execution, then that still has
> security implications. I don't think that most users only use trusted ROMs
> with xmame. :)
Yeah, but according to the original advisory the overflows are in args parsing.
(It could be possible that these values can somehow be influenced from a crafted
ROM, though.)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
