LTris Buffer Overflow in Processing Highscores File May Let Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1013477
SecurityTracker URL: http://securitytracker.com/id/1013477
CVE Reference: GENERIC-MAP-NOMATCH
Date: Mar 19 2005
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 1.0.9

Description:
A vulnerability was reported in the LTris game. A local user may be able to obtain elevated privileges.
A local user with access to the highscores file can modify the file. Then, when a target user loads the game, a buffer overflow will be triggered and arbitrary code will be executed with the privileges of the target user.
The flaw resides in 'chart.c'.
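
Added example (not LTris code and not part of the original advisory): one way to parse a record from a score file that other local users can write, with the unbounded copy next to a length-checked version. The record layout (name, whitespace, score), NAME_LEN, struct entry and both function names are assumptions made for illustration; the advisory does not describe the code in 'chart.c'.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 15                  /* assumed field width, not LTris's */
struct entry { char name[NAME_LEN + 1]; int score; };

/* Unsafe pattern: "%s" copies as many bytes as the file supplies, so a
 * long name in a writable score file overruns e->name. */
int parse_entry_unsafe(const char *line, struct entry *e)
{
    return sscanf(line, "%s %d", e->name, &e->score) == 2 ? 0 : -1;
}

/* Hardened: measure the name before copying, reject what does not fit,
 * and range-check the score. Returns 0 on success, -1 on reject. */
int parse_entry(const char *line, struct entry *e)
{
    size_t n = strcspn(line, " \t\r\n");     /* length of the name token */
    if (n == 0 || n > NAME_LEN)
        return -1;
    const char *p = line + n;
    if (*p != ' ' && *p != '\t')
        return -1;                           /* score field missing */
    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (end == p || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;
    while (*end == '\r' || *end == '\n')
        end++;
    if (*end != '\0')
        return -1;                           /* trailing garbage */
    memcpy(e->name, line, n);
    e->name[n] = '\0';
    e->score = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample records; the second name exceeds NAME_LEN. */
    const char *lines[] = { "alice 1200\n", "AAAAAAAAAAAAAAAAAAAAAAAA 1\n" };
    struct entry e;
    for (int i = 0; i < 2; i++)
        printf("%d\n", parse_entry(lines[i], &e));
    return 0;
}
```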

Impact:
A local user can cause arbitrary code to be executed with the privileges of the target user.

Solution:
The vendor has issued a fixed version (1.0.9 or later), available at:
http://lgames.sourceforge.net/index.php?project=LTris

Vendor URL: lgames.sourceforge.net/index.php?project=LTris

Cause:
Boundary error

Underlying OS:
Linux (Any), UNIX (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Fri, 18 Mar 2005 21:23:35 -0500
Subject: http://lgames.sourceforge.net/index.php?action=show_news&news_action=show_item&item_id=108

> LTris 1.0.9 is out - Jan 25th 10:45 2005
> This release provides a fix for a security issue: If a user had access to the global
> highscores file, it could cause a buffer overflow when other users start the game.
> This allowed for running code on another's user id.