Snes9x Local Buffer Overflow Vulnerability

Snes9x is a free Super Nintendo emulator that runs on a number of platforms.

Snes9x is prone to a buffer overflow. This is due to improper bounds checking of rom names. In this case, 4089 characters are required to overwrite the EIP. If this buffer is overrun, it may be possible for a local attacker to execute arbitrary code on the host. This may be a security concern on some systems because Snes9x documentation suggests setting the utilities setuid root.

Successful exploitation will lead to a full compromise of the host.

It should be noted that packages distributed in SuSE Linux, NetBSD, OpenBSD, FreeBSD, Debian Linux and Progeny Linux are not installed setuid root by default so exploitation of the buffer overflow will not lead to a root compromise on these systems.


Privacy Statement
Copyright 2010, SecurityFocus