[MBT] new ticket for pkg xscreensaver "Probably not present: possible root exploit"
bugs at pld.org.pl
bugs at pld.org.pl
Wed May 21 19:24:55 CEST 2003
Date: 2003-05-21 19:24:51+02 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Probably not present: possible root exploit
Ticket ID: #670
Ticket URL: http://bugs.pld.org.pl/?bug=670
Package: xscreensaver-1:4.03-3
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
I don't think PLD is affected, since xscreensaver isn't SUID root and thus I don't understand how this should happen. Also the exploit on
http://www.securitytracker.com/alerts/2003/Mar/1006235.html
segfaults. Unfortunately I don't see what kind of shell code it is supposed to run, but the segfault should happen before the exploit?
Anyway, I'd be glad if you have a look at it.
More information about the pld-bugs
mailing list