Date:         Wed, 3 May 2000 13:31:21 +0200
From: Thomas Biege <thomas@SUSE.DE>
Subject:      Re: SuSE 6.3 Gnomelib buffer overflow
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,
SuSE 6.3 includes just one SUGID gnome app and that's
/opt/gnome/sbin/gnome-pty-helper, which is setgid tty.
Only SuSE 6.4 includes setgid gnome games but it is
_not_ vulnerable to this exploit.

This bug doesn't depend on the Linux distributor, it
depends on the gnome version.
I think older releases of the other Linux vendors
are also vulnerable... so, take care.

We are working on a patch... stay tuned.

Bye,
     Thomas
--
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
   Key fingerprint = 09 48 F2 FD 81 F7 E7 98  6D C7 36 F1 96 6A 12 47