SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Crawl Vendors:   Henzell, Linley
Crawl Environment Variable Buffer Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1008933
SecurityTracker URL:  http://securitytracker.com/id/1008933
CVE Reference:   CVE-2004-0103   (Links to External Site)
Date:  Feb 3 2004
Impact:   Execution of arbitrary code via local system, User access via local system

Version(s): 4.0.0 (beta 26)
Description:   A buffer overflow vulnerability was reported in the Crawl game. A local user may be able to gain elevated privileges.

It is reported that a local user can set a specially crafted environment variable to trigger a buffer overflow. It may be possible to execute arbitrary code with the privileges of the game.

According to the report, the flaw resides in 'food.cc' where a user-defined variable (SysEnv.crawl_pizza) is copied into a 200-byte fixed length buffer (info).

Debian reported that Steve Kemp discovered the flaw.

Impact:   A local user may be able to execute arbitrary code with the privileges of the game application.
Solution:   No upstream solution was available at the time of this entry.

[Editor's note: Debian has released a fix for Debian Linux. The Debian fix will be addressed in a separate Alert. See the Message History.]

Vendor URL:  www.dungeoncrawl.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 3 2004 (Debian Issues Fix) Crawl Environment Variable Buffer Overflow May Let Local Users Gain Elevated Privileges
Debian has released a fix.



 Source Message Contents

Subject:  CVE-2004-0103


CVE: CAN-2004-0103

Debian reported that Steve Kemp from the GNU/Linux audit project discovered a flaw in the 
'crawl' game.  A local user can set some specially crafted environment variables to 
trigger a buffer overflow.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC