TC
12-08-01, 03:32 PM
I'm not entirely sure what this means, but a friend from work just sent me this:
*** {01.49.002} Cross - SETI@Home SOCKS support overflows
The SETI@Home client version 3.03 has been found to contain a buffer
overflow in the handling of various parameters passed to configure
the built-in SOCKS support. Installations that have added suid or
sgid privileges to the client are vulnerable to a local privilege
escalation attack. Fortunately, the client does not have extra
privileges by default.
The advisory indicates confirmation by the vendor, which will fix
the vulnerability in the next version.
Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0662.html
Hank Beaver
Application Developer
Assembléon America (formerly Philips EMT Americas)
5110 McGinnis Ferry RD
Alpharetta, GA 30005
*** {01.49.002} Cross - SETI@Home SOCKS support overflows
The SETI@Home client version 3.03 has been found to contain a buffer
overflow in the handling of various parameters passed to configure
the built-in SOCKS support. Installations that have added suid or
sgid privileges to the client are vulnerable to a local privilege
escalation attack. Fortunately, the client does not have extra
privileges by default.
The advisory indicates confirmation by the vendor, which will fix
the vulnerability in the next version.
Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0662.html
Hank Beaver
Application Developer
Assembléon America (formerly Philips EMT Americas)
5110 McGinnis Ferry RD
Alpharetta, GA 30005