SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   XBoing Vendors:   Kibell, Justin C.
XBoing Environment Variable Buffer Overflows Let Local Users Obtain 'games' Group Privileges
SecurityTracker Alert ID:  1009246
SecurityTracker URL:  http://securitytracker.com/id/1009246
CVE Reference:   CVE-2004-0149   (Links to External Site)
Date:  Feb 27 2004
Impact:   Execution of arbitrary code via local system, User access via local system

Version(s): 2.4 and prior versions
Description:   Some vulnerabilities were reported in the XBoing game. A local user can gain elevated privileges on the target system.

It is reported that the software fails to properly validate the length several user-supplied environment variables. A local user can set a specially crafted value for an environment variable and then run the game to execute arbitrary code on the target system. The code will run with set group id (setgid) 'games' group privileges.

Flaws are reported in the processing of the following environment variables: XBOING_SCORE_FILE in 'highscore.c', HOME in 'misc.c', and XBOING_LEVELS_DIR in 'demo.c', 'editor.c', 'file.c', and 'preview.c'.

Impact:   A local user can execute arbitrary code with 'games' group privileges.
Solution:   No upstream solution was available at the time of this entry. [Editor's note: It appears that the upstream version is no longer maintained.]
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 28 2004 (Debian Issues Fix) XBoing Environment Variable Buffer Overflows Let Local Users Obtain 'games' Group Privileges
Debian has released a fix.



 Source Message Contents

Subject:  CVE: CVE-2004-0149


CVE: CAN-2004-0149

Debian reported that Steve Kemp discovered several buffer overflow vulnerabilities in 
XBoing in the processing of environment variables.  A local user can set a specially 
crafted value for the environment variable and then run the game to execute arbitrary code 
on the target system.  The code will run with set group id (setgid) 'games' group privileges.

Version 2.4 is reportedly affected.

Flaws are reported in the processing of the following environment variables:

XBOING_SCORE_FILE: 'highscore.c'
HOME: 'misc.c'
XBOING_LEVELS_DIR: 'demo.c', 'editor.c', 'file.c', and 'preview.c'.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC