Gnome libs 1.08 is affected by a boundary condition error.
For further details see exploit URL:
I've also seen a local exploit for ssh 1.2.27 floating
around, but since that isnt included with redhat 6
officially..i dont know where to post it.
FWIW, there are no setuid/setgid root programs that ship with GNOME.
------- Additional Comments From 10/04/99 20:06 -------
hmm...here's the exploit for ssh :
$pid = $$;
$whoami = `whoami`;
for ($i = $pid; $i < $pid+50; $i++)
and a relevant link :
Huh? What does ssh have to do with gnome-libs?
------- Additional Comments From 10/10/99 17:54 -------
sorry...just found the ssh thing that was floating around and didnt
know where to post it..anyway, can we now fix both bugs ? or should i
resubmit it somewhere else ?
This bug is fixed in esound cvs, will be in next release.