COMMAND

    shotgun

SYSTEMS AFFECTED

    Linux systems running shotgun-1.1b

PROBLEM

    For those who don't have time to read README files, here is a
    piece of advice about an svgalib-based (= suid root) Linux file
    manager called shotgun (release 1.1b, found on sunsite).

    The author writes in the README file that bounds checks are still
    to be done... Actually, this code badly needs those bounds checks!
    There are more than 10 buffer overflows in the code, all reachable
    while the root perms that svgalib requires haven't been dropped.
    Credit goes to plaguez.

SOLUTION

    Upgrade if a newer version exists; otherwise don't use it.
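
    The two defences the PROBLEM section finds missing, sketched as an
    added example (not shotgun's code): drop the suid privileges as soon
    as the part that needs root is done, and refuse input that does not
    fit the buffer. The names drop_privileges and join_path, the buffer
    size and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges.
 * Returns 0 on success, -1 if the drop could not be confirmed. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)  /* group first, then user */
        return -1;
    if (ruid != 0 && setuid(0) == 0)             /* root must not come back */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Build "dir/name" in dst. Unlike strcpy()/strcat() into a fixed array,
 * this refuses input that does not fit instead of writing past the end.
 * Returns 0 on success, -1 on bad arguments or truncation. */
int join_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n;

    if (dst == NULL || dstsz == 0 || dir == NULL || name == NULL)
        return -1;
    n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';                           /* never hand back a cut path */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char path[256];                              /* constructed sample size */

    /* Hardware setup that needs root would go here, before the drop. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges\n");
        return 1;
    }
    if (join_path(path, sizeof path, "/tmp", argc > 1 ? argv[1] : "example.txt") != 0) {
        fprintf(stderr, "path too long, refused\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```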