On Mon, 4 Oct 2004 20:23:46 +0100 Steve Kemp <steve@xxxxxxxxxxxx> wrote: > On Sun, Oct 03, 2004 at 12:05:23PM +0300, Security Team wrote: > > > A vulnerability has been discovered in the game spider, an > > application contained in the Debian GNU/Linux distribution. > > The vulnerability allows a local attacker to gain elevated > > privileges by overflowing the -s parameter. > > > > Impact: > > The attacker can gain group privileges. By default "games". > > Neither Debian stable nor unstable contain any spider binaries > setuid or setgid. *cut the linux crap ;)* He didn't said DEBIAN is affected. He just said it's contained in Debian. I would take "contained" as example.... not as "only affected". And he also didn't said something about getting r00t. Just group privileges... (getting "games"-gid.. w00w00 ;)). Even Debian dosn't setuid/setguid spider it's include and I'm sure the author wouldn't report things wich don't work. So get the "games"-gid with this error and be happy. ;-) And spend honor to the guys who allow the "games"-group to use adduser. :) vh
Attachment:
pgp00008.pgp
Description: PGP signature