Package: bsdgames
Version: 2.17-5
Tags: security
Severity: normal

See http://bugs.gentoo.org/show_bug.cgi?id=122399 for details; this is CVE-2006-1539.

The player's name is printed into a buffer using sprintf without validation, causing a classic stack overflow. On another occasion, the level is read from the file without validation, which is then used as an offset into an integer stack array and written to. While what's written can't be controlled, this could be enough to modify a ret addr enough to execute arbitrary code read from the score file.

Note that Debian is not as prone to exploit as Gentoo, since they apparently have regular users in group games. However, this is still a bug in bsdgames and can still contribute to exploits: if some other game is exploited and an attacker gains group games, then they can use this bug to take over accounts that run tetris-bsd.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages bsdgames depends on:
ii  libc6                 2.3.6-4         GNU C Library: Shared libraries an
ii  libgcc1               1:4.1.0-1       GCC support library
ii  libncurses5           5.5-1           Shared libraries for terminal hand
ii  libstdc++6            4.1.0-1         The GNU Standard C++ Library v3
ii  miscfiles [wordlist]  1.4.2.dfsg.1-1  Dictionaries and other interesting
ii  wamerican [wordlist]  6-2             American English dictionary words
ii  wbritish [wordlist]   6-2             British English dictionary words f

bsdgames recommends no packages.

-- no debconf information

--
see shy jo
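An added example, not part of the original report and not bsdgames code: one way a score-file reader can reject the two conditions described above (a name passed to sprintf without a bound, and a level used as an array index without validation). The record layout, field sizes, level range and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN  20            /* assumed size of the on-disk name field */
#define MIN_LEVEL 1             /* assumed valid level range */
#define MAX_LEVEL 9

/* Hypothetical score-file record; not the bsdgames layout. */
struct score_rec { char name[NAME_LEN]; int score; int level; };

/* 1 only if the name is NUL-terminated in its field and the level is in range. */
int score_rec_valid(const struct score_rec *r)
{
    if (memchr(r->name, '\0', NAME_LEN) == NULL)
        return 0;
    return r->level >= MIN_LEVEL && r->level <= MAX_LEVEL;
}

/* Bounded formatting: 0 on success, -1 on an invalid record or truncation. */
int format_entry(char *out, size_t outlen, const struct score_rec *r)
{
    int n;
    if (!score_rec_valid(r))
        return -1;
    n = snprintf(out, outlen, "%s (level %d)", r->name, r->level);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Per-level tally into counts[MAX_LEVEL + 1]; returns how many records were rejected. */
int tally_levels(const struct score_rec *recs, size_t n, int *counts)
{
    int skipped = 0;
    memset(counts, 0, sizeof(int) * (MAX_LEVEL + 1));
    for (size_t i = 0; i < n; i++) {
        if (score_rec_valid(&recs[i]))
            counts[recs[i].level]++;   /* index is known to be in range */
        else
            skipped++;                 /* never index with an unchecked level */
    }
    return skipped;
}

int main(void)
{
    /* Constructed records: one good, one with an out-of-range level. */
    struct score_rec recs[2] = { { "alice", 100, 3 }, { "bob", 50, 4096 } };
    int counts[MAX_LEVEL + 1];
    printf("rejected %d\n", tally_levels(recs, 2, counts));
}
```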