Debian Security Advisory

svgalib -- local root exploit

Date Reported:
undated
Affected Packages:
svgalib
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:
svgalib didn't properly give up root privileges.

Quoting from the ksrt advisory:
svgalib 1.2.10 and below do not properly revoke privileges, and through the use of saved user ids, any svgalib application may still be vulnerable to buffer overruns(stack overwrites).

References:

Fixed in:
Intel - (in release 1.1) 1.2.10-5