SecurityTracker.com
Category:   Application (Game)  >   GTetrinet
Vendors:   gtetrinet.sourceforge.net
GTetrinet Game Client Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1005497
SecurityTracker URL:  http://securitytracker.com/id/1005497
CVE Reference:   CVE-2002-2381
Updated:  Jun 3 2008
Original Entry Date:  Oct 29 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.4.3 and prior versions
Description:   Several buffer overflows were reported in GTetrinet, a Gtk/GNOME-based client for the Tetrinet game. A remote user may be able to execute arbitrary code on the target user's system.

It is reported that there are buffer overflows in the tetrinet_inmessage() and speclist_add() functions in 'src/tetrinet.c', in the config_getthemeinfo() theme information loading function in 'src/config.c', and in other code modules.

Impact:   A remote user could cause arbitrary code to be executed on the target user's system with the privileges of the target user.
Solution:   The vendor has released a fixed version (0.4.4), available at:

http://download.sourceforge.net/gtetrinet/gtetrinet-0.4.4.tar.gz
http://gtetrinet.sourceforge.net/

Vendor URL:  gtetrinet.sourceforge.net/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  GTetrinet buffer overflows


  GTetrinet 0.4.4 
  by Oskuro (http://freshmeat.net/users/oskuro/)
  Monday, October 28th 2002 02:35

Desktop Environment :: Gnome
Games/Entertainment

About: GTetrinet is a clone of the popular Windows game Tetrinet. It is
written for Gtk/GNOME, and is designed to be fully compatible with the
original Tetrinet, as well as being identical in gameplay.

Changes: In this version, multiple buffer overflows have been fixed.
Upgrading to this version is highly encouraged, as the security problem is
remotely exploitable.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/gtetrinet/

-----------

From the ChangeLog:

2002-10-22  James Antill  <james@and.org>

	* src/tetrinet.c (tetrinet_inmessage): Check all values from atoi()
	for out of bounds.
	(tetrinet_inmessage): Check all int values from sscanf() for out of
	bounds.
	(tetrinet_inmessage): Stop buffer overflows in sscanf() %s.
	(tetrinet_inmessage): Protect playercount from overflow.
	(speclist_add): Protect spectatorcount from overflow.

2002-10-21  James Antill  <james@and.org>

	* src/tetrinet.c: Convert hard coded color/attribute values into
	constants and %c formats, when used in g_snprintf(). Readability.
	
	* src/*.c: Replace all uses of sprintf(), strcpy(), strcat(), 
	strncpy() and strncat() with GTET_STRCPY() or GTET_STRCAT().

	* src/config.c (config_getthemeinfo): Fixup buffer overflows on theme
	info load.

	* src/misc.h (GTET_STRCPY): Added safe strcpy() function.
	(GTET_STRCAT): Added safe strcat() function.
	(GTET_O_STRCPY): Added safe strcpy() function, with auto size.
	(GTET_O_STRCAT): Added safe strcat() function, with auto size.
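
The fix pattern the ChangeLog describes (width-limited sscanf() %s, range-checked integers, and a size-aware copy), sketched as an added example that is not GTetrinet's code. The "<slot> <name>" line format, handle_join(), safe_strcpy(), SAFE_O_STRCPY and both size constants are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PLAYERS 6   /* assumed table size for this sketch */
#define NAME_LEN    32  /* assumed name buffer size, NUL included */

/* Bounded copy: refuses, rather than writing past dst. Returns 0 or -1. */
static int safe_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsize)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}
/* "Auto size" variant: only valid when dst is a real array, not a pointer. */
#define SAFE_O_STRCPY(dst, src) safe_strcpy((dst), sizeof(dst), (src))

static char player_names[MAX_PLAYERS][NAME_LEN];

/* Parse an untrusted "<slot> <name>" line (constructed format).
 * Returns the 1-based slot on success, -1 if the line is rejected. */
static int handle_join(const char *line)
{
    char numbuf[8], name[NAME_LEN], extra, *end;
    long slot;

    /* Widths are buffer size minus one; the trailing %c catches leftovers,
     * including the tail of a token that a width cut short. */
    if (sscanf(line, "%7s %31s %c", numbuf, name, &extra) != 2)
        return -1;
    errno = 0;
    slot = strtol(numbuf, &end, 10);   /* unlike atoi(), reports bad input */
    if (end == numbuf || *end != '\0' || errno == ERANGE
        || slot < 1 || slot > MAX_PLAYERS)   /* range check before indexing */
        return -1;
    if (SAFE_O_STRCPY(player_names[slot - 1], name) != 0)
        return -1;
    return (int)slot;
}

int main(void)
{
    printf("%d %d\n", handle_join("3 alice"), handle_join("9 mallory"));
    return 0;
}
```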



 
 



Copyright 2019, SecurityGlobal.net LLC