SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   atari800 Vendors:   atari800.sourceforge.net
Atari800 Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1007365
SecurityTracker URL:  http://securitytracker.com/id/1007365
CVE Reference:   CVE-2003-0630   (Links to External Site)
Date:  Aug 1 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Vendor Confirmed:  Yes  
Version(s): 1.3.0
Description:   Several buffer overflow vulnerabilities were reported in the Atari800 emulator software. A local user can gain root privileges.

Debian credited Steve Kemp with discovering multiple buffer overflow vulnerabilities in Atari800. Because one of the affected applications is configured with set user id (setuid) root privileges (for accessing graphics hardware), a local user can execute arbitrary code with root privileges.

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   No upstream solution was available at the time of this entry.

Debian has released a fix. A separate Alert will be issued regarding the Debian fix [see the Message History].

Vendor URL:  atari800.sourceforge.net/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 1 2003 (Debian Issues Fix) Atari800 Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
Debian has released a fix.



 Source Message Contents

Subject:  atari800


Debian reported that there are several buffer overflow vulnerabilities in Atari800. 
Because one of the affected applications is configured with set user id (setuid) root 
privileges (for accessing graphics hardware), a local user can gain root privileges.

Steve Kemp is credited with discovery.

CVE:  CAN-2003-0630



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC