SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Typespeed Vendors:   Ollikainen, Jani
(Debian Issues Fix) Typespeed Game Buffer Overflow in Networking Code Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1007003
SecurityTracker URL:  http://securitytracker.com/id/1007003
CVE Reference:   CVE-2003-0435   (Links to External Site)
Date:  Jun 17 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.4.1 and prior versions
Description:   A vulnerability was reported in the Typespeed typing game software. A remote user can gain root privileges on the system.

Bazarr reported that a buffer overflow resides in the net_swapscore() function in the 'network.c' file. A remote user can reportedly overflow the heap and execute arbitrary code when the game is used in network mode.

[Editor's note: The vendor's Readme file indicates that the network mode is "buggy."]

Impact:   A remote user can execute arbitrary code with the privileges of the user running Typespeed.
Solution:   Debian has released a fix in version 0.4.1-2.2 for the stable distribution (woody) and in version 0.4.0-5.2 for the old stable distribution (potato). A fix for the unstable distribution (sid) will be released soon.

Debian GNU/Linux 2.2 alias potato:

Source archives:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.dsc
Size/MD5 checksum: 575 767dd2e18754d28aa6358088e28c4093
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.diff.gz
Size/MD5 checksum: 6972 0c9ccfdb4de0d590c2564dc7234890c3
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz
Size/MD5 checksum: 33037 587b3ca15b32142d24bd452881c64dd1

Alpha architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_alpha.deb
Size/MD5 checksum: 40806 9e3294ddcf9a1cd50ab22f68bc70398f

ARM architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_arm.deb
Size/MD5 checksum: 34768 9f2e9f3a5816625f285a77a6af4d7cba

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_i386.deb
Size/MD5 checksum: 34342 11e219001c13f46d83692e5af4c2297e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_m68k.deb
Size/MD5 checksum: 33564 cd348d47dac0b37a9d0a5b7a44f2d694

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_powerpc.deb
Size/MD5 checksum: 37066 c1b7f3e5609290a609093b7ac7484cdf

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_sparc.deb
Size/MD5 checksum: 39186 e62aa0e652a33f178b2605036e48fd94

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.dsc
Size/MD5 checksum: 575 024a4d1ab64016f9eba9e4044650648d
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.diff.gz
Size/MD5 checksum: 8355 6dfd0374cbf59287711d6a906db6d9ff
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
Size/MD5 checksum: 35492 0af9809cd20bd9010732ced930090f32

Alpha architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_alpha.deb
Size/MD5 checksum: 44396 0369a05fe541e5a971fa2c3a51241fce

ARM architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_arm.deb
Size/MD5 checksum: 39072 646893ab59053e1f917ff07bcfd0959b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_i386.deb
Size/MD5 checksum: 38778 fed120a0eb74f05b64aa3605b893f1aa

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_ia64.deb
Size/MD5 checksum: 50038 7ab9b9c6c4dd8137dd081166d6e665cf

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_hppa.deb
Size/MD5 checksum: 41976 798a5e04cd5f0fb389f0b6f5588104c0

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_m68k.deb
Size/MD5 checksum: 37472 1629b0912b07469909daa6ed168799f6

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mips.deb
Size/MD5 checksum: 41132 f92ab74c13116dd5e72cd8c8472b8291

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mipsel.deb
Size/MD5 checksum: 41152 c2232aba2146b647d98ac86ef12110ea

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_powerpc.deb
Size/MD5 checksum: 41324 2937d98be2af68983b8f529f38e6f832

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_s390.deb
Size/MD5 checksum: 38932 a070a445396df2f7a615a16500f49e65

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_sparc.deb
Size/MD5 checksum: 43040 5292c53c201b105265b1a9addb031d7f

Vendor URL:  www.sicom.fi/~bestis/typespeed.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  2.2, 3.0

Message History:   This archive entry is a follow-up to the message listed below.
Jun 14 2003 Typespeed Game Buffer Overflow in Networking Code Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] [DSA-322-1] New typespeed packages fix buffer overflow



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 322-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
June 16th, 2003                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : typespeed
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0435

typespeed is a game which challenges the player to type words
correctly and quickly.  It contains a network play mode which allows
players on different systems to play competitively.  The network code
contains a buffer overflow which could allow a remote attacker to
execute arbitrary code under the privileges of the user invoking
typespeed, in addition to gid games.

For the stable distribution (woody) this problem has been fixed in
version 0.4.1-2.2.

For the old stable distribution (potato) this problem has been fixed
in version 0.4.0-5.2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you update your typespeed package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.dsc
      Size/MD5 checksum:      575 767dd2e18754d28aa6358088e28c4093
    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.diff.gz
      Size/MD5 checksum:     6972 0c9ccfdb4de0d590c2564dc7234890c3
    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz
      Size/MD5 checksum:    33037 587b3ca15b32142d24bd452881c64dd1

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_alpha.deb
      Size/MD5 checksum:    40806 9e3294ddcf9a1cd50ab22f68bc70398f

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_arm.deb
      Size/MD5 checksum:    34768 9f2e9f3a5816625f285a77a6af4d7cba

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_i386.deb
      Size/MD5 checksum:    34342 11e219001c13f46d83692e5af4c2297e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_m68k.deb
      Size/MD5 checksum:    33564 cd348d47dac0b37a9d0a5b7a44f2d694

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_powerpc.deb
      Size/MD5 checksum:    37066 c1b7f3e5609290a609093b7ac7484cdf

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_sparc.deb
      Size/MD5 checksum:    39186 e62aa0e652a33f178b2605036e48fd94

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.dsc
      Size/MD5 checksum:      575 024a4d1ab64016f9eba9e4044650648d
    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.diff.gz
      Size/MD5 checksum:     8355 6dfd0374cbf59287711d6a906db6d9ff
    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
      Size/MD5 checksum:    35492 0af9809cd20bd9010732ced930090f32

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_alpha.deb
      Size/MD5 checksum:    44396 0369a05fe541e5a971fa2c3a51241fce

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_arm.deb
      Size/MD5 checksum:    39072 646893ab59053e1f917ff07bcfd0959b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_i386.deb
      Size/MD5 checksum:    38778 fed120a0eb74f05b64aa3605b893f1aa

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_ia64.deb
      Size/MD5 checksum:    50038 7ab9b9c6c4dd8137dd081166d6e665cf

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_hppa.deb
      Size/MD5 checksum:    41976 798a5e04cd5f0fb389f0b6f5588104c0

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_m68k.deb
      Size/MD5 checksum:    37472 1629b0912b07469909daa6ed168799f6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mips.deb
      Size/MD5 checksum:    41132 f92ab74c13116dd5e72cd8c8472b8291

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mipsel.deb
      Size/MD5 checksum:    41152 c2232aba2146b647d98ac86ef12110ea

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_powerpc.deb
      Size/MD5 checksum:    41324 2937d98be2af68983b8f529f38e6f832

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_s390.deb
      Size/MD5 checksum:    38932 a070a445396df2f7a615a16500f49e65

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_sparc.deb
      Size/MD5 checksum:    43040 5292c53c201b105265b1a9addb031d7f

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+7mTdArxCt0PiXR4RAuwdAJ0Z7f3AwUOEudq0KWlOGFoanUhmxwCfYpxe
BXn4L+0J1i72H5npAqgSlyk=
=ExQZ
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC