SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Game)  >  XBoing Vendors:  Kibell, Justin C.
XBoing Environment Variable Buffer Overflows Let Local Users Obtain 'games' Group Privileges
SecurityTracker Alert ID:  1009246
CVE Reference:  CAN-2004-0149   (Links to External Site)
Date:  Feb 27 2004
Impact:  Execution of arbitrary code via local system, User access via local system
Version(s): 2.4 and prior versions
Description:  Some vulnerabilities were reported in the XBoing game. A local user can gain elevated privileges on the target system.

It is reported that the software fails to properly validate the length several user-supplied environment variables. A local user can set a specially crafted value for an environment variable and then run the game to execute arbitrary code on the target system. The code will run with set group id (setgid) 'games' group privileges.

Flaws are reported in the processing of the following environment variables: XBOING_SCORE_FILE in 'highscore.c', HOME in 'misc.c', and XBOING_LEVELS_DIR in 'demo.c', 'editor.c', 'file.c', and 'preview.c'.
Impact:  A local user can execute arbitrary code with 'games' group privileges.
Solution:  No upstream solution was available at the time of this entry. [Editor's note: It appears that the upstream version is no longer maintained.]
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 28 2004 (Debian Issues Fix) XBoing Environment Variable Buffer Overflows Let Local Users Obtain 'games' Group Privileges   (Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.


 Source Message Contents
Date:  Fri, 27 Feb 2004 18:39:09 -0500
Subject:  CVE: CAN-2004-0149

 

CVE: CAN-2004-0149

Debian reported that Steve Kemp discovered several buffer overflow vulnerabilities in 
XBoing in the processing of environment variables.  A local user can set a specially 
crafted value for the environment variable and then run the game to execute arbitrary code 
on the target system.  The code will run with set group id (setgid) 'games' group privileges.

Version 2.4 is reportedly affected.

Flaws are reported in the processing of the following environment variables:

XBOING_SCORE_FILE: 'highscore.c'
HOME: 'misc.c'
XBOING_LEVELS_DIR: 'demo.c', 'editor.c', 'file.c', and 'preview.c'.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC