Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Atari800 - local root. (fwd)

from [Petr Stehlik] Network Security [Permanent Link]
Subject: Re: Atari800 - local root. (fwd)
Date: Fri, 26 Nov 2004 11:00:35 +0100 
Name:                       Atari800
Vendor URL:                 http://atari800.sourceforge.net/
Author:                     Adam Zabrocki <pi3ki31ny@wp.pl>
Date:                       November 20, 2004



  Atari800 - free and portable Atari800/XL/XE/5200 emulator allows attacker 
to execute
shellcode with privileges suid root, where Atari800 is installed.


applies to SVGALIB target only which is deprecated and should no longer
be used. Normal binaries (curses, framebuffer, X11 and all others) are
not suid root.


This bug exist in older Atari800 (i read source with version 1.3.0), in the 
lasted version
there isn't overflow in Aprint() function. It was rewrited!


yes, it was, because I were notified about this problem a year ago (see
below).


Btw. Atari 1.3.3 and 1.3.2 are not vuln but i don't found any raport of this 
bug what i writed here.


see the DOC/ChangeLog:

2003-11-13  Petr Stehlik  <pstehlik@sophics.cz>
* log.c: corrected buffer overflow found by Laios Mircea

I think it was found by Debian security team but I might be wrong (it's
more than year ago so I don't remember details).


Best regards Adam Zabrocki (pi3).


thanks for the analysis. I'll fix the other problem (in the config file
parsing).

Petr
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Atari800 - local root. (fwd), Petr Stehlik <=
Previous by Date:  RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], alex cottle
Next by Date:  php 4.3.7 memory limit POC exploit, Gyan chawdhary
Previous by Thread:  MDKSA-2004:141 - Updated zip packages fix vulnerability, Mandrake Linux Security Team
Next by Thread:  php 4.3.7 memory limit POC exploit, Gyan chawdhary
Indexes:  [Date] [Thread] [Top] [All Lists]