Date: Wed, 3 May 2000 13:31:21 +0200 From: Thomas Biege <thomas@SUSE.DE> Subject: Re: SuSE 6.3 Gnomelib buffer overflow To: BUGTRAQ@SECURITYFOCUS.COM Hi, SuSE 6.3 includes just one SUGID gnome app and that's /opt/gnome/sbin/gnome-pty-helper, which is setgid tty. Only SuSE 6.4 includes setgid gnome games but it is _not_ vulnerable to this exploit. This bug doesn't depend on the Linux distributor, it depends on the gnome version. I think older releases of the other Linux vendors are also vulnerable... so, take care. We are working for a patch... stay tuned. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47