Debian Security Advisory
svgalib -- local root exploit
- Date Reported:
- undated
- Affected Packages:
- svgalib
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
svgalib didn't properly give up root privileges.
Quoting from the ksrt advisory:
svgalib 1.2.10 and below do not properly revoke privileges, and through the use of saved user ids, any svgalib application may still be vulnerable to buffer overruns(stack overwrites).References:
- Fixed in:
- Intel - (in release 1.1) 1.2.10-5