Xmame buffer overflow, with a possibility of privilege escalation

I. BACKGROUND

Xmame and xmess are ports of MAME, the Multiple Arcade Machine Emulator and MESS, the Multi Emulator Super System. They run primarily on Linux and various flavors of UNIX, although some other operating systems, such as BeOS, are supported to some degree.

II. DESCRIPTION

Several functions in src/fileio.c and src/unix/fileio.c did not handle large input properly. These can cause buffer overflow. Most of the distros install xmame with suid root. There is a possibility for a local user to gain root privilege. Exploitation requires an attacker to send a specially constructed input for these few arguments.
You know what's coming next: please provide fixed packages, thx
Gentoo doesn't install xmame suid root.
Yeah, as we've noted before, no game is allowed to be installed setuid root in Gentoo ... we have explicit post-install checks for it. Therefore, there is no security issue here.
Closing as invalid. Sorry for the trouble, next time I'll simply join your channel and ask before I open bugs :/
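The thread turns on whether the binary is installed setuid root, so a post-install audit of the staged tree is the relevant check. The following is an added example, not Gentoo's actual check and not code from this bug; the function names and the staged-image argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a staged install tree for setuid/setgid files
# before it is merged onto the live system.
# find_privileged_files and audit_image are hypothetical names.

# Print every regular file under $1 that carries the setuid or setgid bit.
find_privileged_files() {
    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    # Directories are skipped: setgid on a directory only affects group
    # inheritance and does not grant privilege at exec time.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Return 0 when the tree is clean, 1 when any privileged file is present.
# Offending paths are reported on stderr so the caller can log them.
audit_image() {
    hits=$(find_privileged_files "$1")
    if [ -n "$hits" ]; then
        printf 'setuid/setgid files found under %s:\n%s\n' "$1" "$hits" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: pass the staged image directory as the first argument.
if [ "$#" -gt 0 ]; then
    audit_image "$1"
fi
```

A non-zero exit from `audit_image` is the signal to abort the install step.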