GTetrinet Game Client Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1005497|
SecurityTracker URL: http://securitytracker.com/id/1005497
(Links to External Site)
Updated: Jun 3 2008|
Original Entry Date: Oct 29 2002
Execution of arbitrary code via network, User access via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): 0.4.3 and prior versions|
Several buffer overflows were reported in GTetrinet, a Gtk/GNOME-based client for the Tetrinet game. A remote user may be able to execute arbitrary code on the target user's system.|
It is reported that there are buffer overflows in the tetrinet_inmessage() and speclist_add() functions in 'src/tetrinet.c', in the config_getthemeinfo() theme information loading function in 'src/config.c', and in other code modules.
A remote user could cause arbitrary code to be executed on the target user's system with the privileges of the target user.|
The vendor has released a fixed version (0.4.4), available at:|
Vendor URL: gtetrinet.sourceforge.net/ (Links to External Site)
|Underlying OS: Linux (Any), UNIX (Any)|
Source Message Contents
Subject: GTetrinet buffer overflows|
by Oskuro (http://freshmeat.net/users/oskuro/)
Monday, October 28th 2002 02:35
Desktop Environment :: Gnome
About: GTetrinet is a clone of the popular Windows game Tetrinet. It is
written for Gtk/GNOME, and is designed to be fully compatible with the
original Tetrinet, as well as being identical in gameplay.
Changes: In this version, multiple buffer overflows have been fixed.
Upgrading to this version is highly encouraged, as the security problem is
License: GNU General Public License (GPL)
>From the ChangeLog:
2002-10-22 James Antill <firstname.lastname@example.org>
* src/tetrinet.c (tetrinet_inmessage): Check all values from atoi()
for out of bounds.
(tetrinet_inmessage): Check all int values from sscanf() for out of
(tetrinet_inmessage): Stop buffer overflows in sscanf() %s.
(tetrinet_inmessage): Protect playercount from overflow.
(speclist_add): Protect spectatorcount from overflow.
2002-10-21 James Antill <email@example.com>
* src/tetrinet.c: Convert hard coded color/attribute values into
constants and %c formats, when used in g_snprintf(). Readability.
* src/*.c: Replace all uses of sprintf(), strcpy(), strcat(),
strncpy() and strncat() with GTET_STRCPY() or GTET_STRCAT().
* src/config.c (config_getthemeinfo): Fixup buffer overflows on theme
* src/misc.h (GTET_STRCPY): Added safe strcpy() function.
(GTET_STRCAT): Added safe strcat() function.
(GTET_O_STRCPY): Added safe strcpy() function, with auto size.
(GTET_O_STRCAT): Added safe strcat() function, with auto size.