Security Information / Security Advisories from late '97 and early '98 / Security Information -- svgalib

Debian Security Advisory

svgalib -- local root exploit

Date Reported:

undated

Affected Packages:

svgalib

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

svgalib didn't properly give up root privileges.

Quoting from the ksrt advisory:
svgalib 1.2.10 and below do not properly revoke privileges, and through the use of saved user ids, any svgalib application may still be vulnerable to buffer overruns(stack overwrites).

References:

• Attrition.org advisory ksrt.001
• BugTraq mail list June 1997 (0128)

Fixed in:

Intel - (in release 1.1) 1.2.10-5