SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Game)  >   XBoing Vendors:   Kibell, Justin C.
(Debian Issues Fix) XBoing Environment Variable Buffer Overflows Let Local Users Obtain 'games' Group Privileges
SecurityTracker Alert ID:  1009247
SecurityTracker URL:  http://securitytracker.com/id/1009247
CVE Reference:   CVE-2004-0149   (Links to External Site)
Date:  Feb 28 2004
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.4-26
Description:   Some vulnerabilities were reported in the XBoing game. A local user can gain elevated privileges on the target system.

It is reported that the software fails to properly validate the length of several user-supplied environment variables before copying them into fixed-size buffers. A local user can set a specially crafted value for one of these environment variables and then run the game to execute arbitrary code on the target system. Because the game binary is installed set group id (setgid), the code runs with 'games' group privileges.

Flaws are reported in the processing of the following environment variables: XBOING_SCORE_FILE in 'highscore.c', HOME in 'misc.c', and XBOING_LEVELS_DIR in 'demo.c', 'editor.c', 'file.c', and 'preview.c'.
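The defect class described above is an unbounded copy of an environment variable into a fixed-size buffer. The following C program is an added example, not xboing's code: it models the unchecked write with a function that only reports how many bytes the copy would need, and places a bounded replacement next to it. The function names, the 256-byte buffer size, the default levels directory and the level file name are all assumptions; the page gives none of xboing's real buffer sizes or defaults.

```c
/* Added example (not xboing's own code): the unsafe pattern behind
 * CVE-2004-0149 modelled beside a bounded replacement. Names, the
 * PATH_BUF size and the default directory are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256   /* assumed size of the game's fixed path buffer */

/* Model of the vulnerable pattern: the original code would format
 * getenv("XBOING_LEVELS_DIR") + "/" + name into a PATH_BUF-byte
 * stack array with no length check. Instead of performing that
 * write, this returns the number of bytes it would need (dir, '/',
 * name, NUL) so the caller can see when it exceeds PATH_BUF. */
size_t unchecked_write_len(const char *dir, const char *name)
{
    return strlen(dir) + 1 + strlen(name) + 1;
}

/* Hardened form: bounded formatting with an explicit truncation
 * check. Returns 0 on success and -1 if the result would not fit,
 * in which case out is left empty rather than silently truncated. */
int build_level_path(const char *dir, const char *name,
                     char *out, size_t outlen)
{
    int n;
    if (dir == NULL || name == NULL || out == NULL || outlen == 0)
        return -1;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Reads the environment variable named in the advisory, falling back
 * to a compiled-in default when it is unset (the default path is an
 * assumption, not xboing's real one). */
int level_path_from_env(const char *name, char *out, size_t outlen)
{
    const char *dir = getenv("XBOING_LEVELS_DIR");
    if (dir == NULL)
        dir = "/usr/share/games/xboing/levels"; /* assumed default */
    return build_level_path(dir, name, out, outlen);
}

int main(void)
{
    char path[PATH_BUF];
    char longdir[600];                    /* constructed oversized value */
    memset(longdir, 'A', sizeof longdir - 1);
    longdir[sizeof longdir - 1] = '\0';

    printf("unchecked write would need %zu bytes, buffer holds %d\n",
           unchecked_write_len(longdir, "level01.data"), PATH_BUF);
    if (build_level_path(longdir, "level01.data", path, sizeof path) != 0)
        printf("bounded version refused the oversized directory\n");
    if (build_level_path("/tmp/levels", "level01.data", path, sizeof path) == 0)
        printf("ok: %s\n", path);
    return 0;
}
```

Refusing the value outright, rather than truncating it, is deliberate: a silently truncated path would make the game open a different file than the one the user named, which is its own class of bug in a setgid program. On a modern toolchain, building with `-D_FORTIFY_SOURCE=2` would also abort an unchecked `sprintf` into a stack array of known size at runtime, but that is a safety net behind the explicit check, not a replacement for it.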

Impact:   A local user can execute arbitrary code with 'games' group privileges.
Solution:   Debian has released a fix for the current stable distribution (woody) in version 2.4-26woody1 and for the unstable distribution (sid) in version 2.4-26.1.

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1.dsc
Size/MD5 checksum: 580 f9ef94d37b5db34cf867d172529ad325
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1.diff.gz
Size/MD5 checksum: 13200 3627d000f33d496e5092bef84c92963e
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4.orig.tar.gz
Size/MD5 checksum: 586869 3b6ebbf4321cffc69048e5611aa9d28d

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_alpha.deb
Size/MD5 checksum: 533078 77530ad6b6abdb480af6a7d5ba03d609

ARM architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_arm.deb
Size/MD5 checksum: 520166 de88300d9d4d6232b0e04d8dc700d5f1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_i386.deb
Size/MD5 checksum: 510744 21f12476ececfab492a3525162e465bf

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_ia64.deb
Size/MD5 checksum: 575066 d59a129a157f2c7f0d6b155d5c219c24

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_hppa.deb
Size/MD5 checksum: 516918 ef35a77de22e3785953b4824ae0f1324

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_m68k.deb
Size/MD5 checksum: 509124 065f733083fac4310355ed1d212b386d

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_mips.deb
Size/MD5 checksum: 525836 b0af1feb5d8ced400a5e783f0abcfcd9

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_mipsel.deb
Size/MD5 checksum: 523436 34f791984ef83ac3237c40a3a615e3a0

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_powerpc.deb
Size/MD5 checksum: 512960 09be35d56f9707f45cda7971c1996b58

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_s390.deb
Size/MD5 checksum: 515484 2d00881d1d4204fef37e9a650bf96b90

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_sparc.deb
Size/MD5 checksum: 515784 517ce299d41930a7ed18ac2b48f178a1

Vendor URL:  www.debian.org/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0

Message History:   This archive entry is a follow-up to the message listed below.
Feb 27 2004 XBoing Environment Variable Buffer Overflows Let Local Users Obtain 'games' Group Privileges



 Source Message Contents

Subject:  [SECURITY] [DSA 451-1] New xboing packages fix buffer overflows


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 451-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
February 27th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xboing
Vulnerability  : buffer overflows
Problem-Type   : local
Debian-specific: no
CVE Id         : CAN-2004-0149
Debian bug     : 174924

Steve Kemp discovered a number of buffer overflow vulnerabilities in
xboing, a game, which could be exploited by a local attacker to gain
gid "games".

For the current stable distribution (woody) these problems have been
fixed in version 2.4-26woody1.

For the unstable distribution (sid), these problems have been fixed in
version 2.4-26.1.

We recommend that you update your xboing package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1.dsc
      Size/MD5 checksum:      580 f9ef94d37b5db34cf867d172529ad325
    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1.diff.gz
      Size/MD5 checksum:    13200 3627d000f33d496e5092bef84c92963e
    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4.orig.tar.gz
      Size/MD5 checksum:   586869 3b6ebbf4321cffc69048e5611aa9d28d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_alpha.deb
      Size/MD5 checksum:   533078 77530ad6b6abdb480af6a7d5ba03d609

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_arm.deb
      Size/MD5 checksum:   520166 de88300d9d4d6232b0e04d8dc700d5f1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_i386.deb
      Size/MD5 checksum:   510744 21f12476ececfab492a3525162e465bf

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_ia64.deb
      Size/MD5 checksum:   575066 d59a129a157f2c7f0d6b155d5c219c24

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_hppa.deb
      Size/MD5 checksum:   516918 ef35a77de22e3785953b4824ae0f1324

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_m68k.deb
      Size/MD5 checksum:   509124 065f733083fac4310355ed1d212b386d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_mips.deb
      Size/MD5 checksum:   525836 b0af1feb5d8ced400a5e783f0abcfcd9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_mipsel.deb
      Size/MD5 checksum:   523436 34f791984ef83ac3237c40a3a615e3a0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_powerpc.deb
      Size/MD5 checksum:   512960 09be35d56f9707f45cda7971c1996b58

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_s390.deb
      Size/MD5 checksum:   515484 2d00881d1d4204fef37e9a650bf96b90

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_sparc.deb
      Size/MD5 checksum:   515784 517ce299d41930a7ed18ac2b48f178a1

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAP78pArxCt0PiXR4RAghgAKDLDkgdDexBugBvugGdwThD2AxljQCcDOIJ
hz+d6aRx3VA8EzL9AUrnOQ8=
=qvMv
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Copyright 2019, SecurityGlobal.net LLC