Typespeed Format String Flaw in HOME Variable Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1013218
|
|
SecurityTracker URL: http://securitytracker.com/id?1013218
|
|
CVE Reference: CAN-2005-0105
(Links to External Site)
|
Date: Feb 16 2005
|
Impact: Execution of arbitrary code via local system, User access via local system
|
Version(s): 0.4.4 and prior versions
|
Description: A format string vulnerability was reported in typespeed. A local user can gain elevated privileges on the target system.
A sprintf() call is made in 'file.c' without the appropriate format string specifier when processing data from the HOME environment
variable. A local user can set the HOME environment variable to a specially crafted value to execute arbitrary code with 'games'
group privileges.
Ulf Harnhammar from the Debian Security Audit Project discovered this flaw.
|
Impact: A local user can execute arbitrary code with 'games' group privileges.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: ls.purkki.org/typespeed/ (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 16 Feb 2005 08:22:13 -0500
Subject: [none]
|
CVE: CAN-2005-0105
A format string vulnerability was reported in typespeed. A local user can execute
arbitrary code with 'games' group privileges.
Ulf Harnhammar from the Debian Security Audit Project discovered this flaw.
|
|
