SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   xtokkaetama Vendors:   Kimata, Hideki
xtokkaetama Buffer Overflows Let Local Users Gain 'Games' Group Privileges
SecurityTracker Alert ID:  1007350
SecurityTracker URL:  http://securitytracker.com/id/1007350
CVE Reference:   CVE-2003-0611   (Links to External Site)
Date:  Jul 31 2003
Impact:   Execution of arbitrary code via local system, User access via local system

Version(s): 1.0b
Description:   A buffer overflow vulnerability was reported in the xtokkaetama puzzle game. A local user can gain elevated group privileges.

A local user can reportedly supply a specially crafted '-display' command line option or set a specially crafted XTOKKAETAMADIR environment variable to trigger either of two buffer overflows and execute arbitrary code. The code will run with set group id (setgid) 'games' group privileges.

Debian credited Steve Kemp with reporting the flaw.

Impact:   A local user can execute arbitrary code with 'games' group privileges.
Solution:   No upstream solution was available at the time of this entry. Debian has released a fix for Debian Linux [see the Message History -- a separate alert will be issued regarding the Debian fix].
Vendor URL:  www.hry.info.gifu-u.ac.jp/~hideki/cgi/xgame.cgi?name=xtokkaetama (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 31 2003 (Debian Issues Fix) xtokkaetama Buffer Overflows Let Local Users Gain 'Games' Group Privileges
Debian has released a fix.



 Source Message Contents

Subject:  xtokkaetama


Debian noted that there are two buffer overflow vulnerabilities in the xtokkaetama puzzle 
game.  A local user can supply a specially crafted '-display' command line option or set a 
specially crafted XTOKKAETAMADIR environment variable to trigger the overflows and execute 
arbitrary code.  The code will run with set group id (setgid) 'games' group privileges.

Debian credited Steve Kemp with reporting the flaw.

Vendor URL: http://www.hry.info.gifu-u.ac.jp/~hideki/

CVE: CAN-2003-0611





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC