Bug 135071 - games-misc/typespeed: execution of arbitrary code (CVE-2006-1515)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All (Linux)
Importance: High major
Assignee: Gentoo Security
URL: http://www.debian.org/security/2006/d...
Whiteboard: B1 [glsa] DerCorny
Reported: 2006-05-31 13:00 UTC by Stefan Cornelius (RETIRED)
Modified: 2006-06-19 09:19 UTC (History)
Description Stefan Cornelius (RETIRED) gentoo-dev 2006-05-31 13:00:43 UTC
Package        : typespeed
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1515

Niko Tyni discovered a buffer overflow in the processing of network
data in typespeed, a game for testing and improving typing speed, which
could lead to the execution of arbitrary code.

We also seem to be vulnerable to a format string bug that could allow local priv escalation: http://www.debian.org/security/2005/dsa-684
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-31 13:01:59 UTC
games team, please provide fixed ebuilds, thanks
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2006-05-31 18:11:28 UTC
package masked.
Comment 3 Randall Nortman 2006-06-03 14:24:09 UTC
FYI: Upstream has released version 0.5.0, and according to the changelog there is a security fix (from the Debian team) included.  I haven't looked at the code, but this might just be fixed by a version bump.
Comment 4 SpanKY gentoo-dev 2006-06-10 06:18:35 UTC
0.5.0 in portage
Comment 5 Thomas Cort (RETIRED) gentoo-dev 2006-06-10 08:06:14 UTC
amd64 stable.
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2006-06-10 09:03:39 UTC
It must be because of the few beers I've taken that I was this slow with unix words but..

-- snip --

                    Typespeed v0.5.0

                    Your score was:

                    Rank:               Good
                    Score:              436
                    10MRS:              2177
                    Total CPS:          4.178
                    Correct CPS:        3.629
                    Typo ratio:         13.1%
                    Typorank:           Pencil <- Insult!! :-)

                    Press any key to continue...

-- snip --

Good to go stable on x86.

Portage 2.1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r3, 2.6.16-gentoo-r8 i686)
=================================================================
System uname: 2.6.16-gentoo-r8 i686 AMD Athlon(tm) XP 2200+
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O2 -pipe -g"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon-xp -O2 -pipe -g"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox sfperms splitdebug strict"
GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo/"
LANG="en_US.utf8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://trumpetti.atm.tut.fi/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac alsa apm avi berkdb bitmap-fonts bzip2 cli crypt dri emboss encode ffmpeg flac fontconfig foomaticdb fortran gdbm gif gstreamer gtk gtk2 id3 imlib ipv6 isdnlog jpeg libg++ libwww mad mikmod mmx mmxext motif mp3 mp4live mpeg mpeg2 musicbrainz ncurses nptl nptlonly ogg opengl oss pam pcre pdflib perl pic player png pppd python quicktime readline reflection sdk sdl session spl sse ssl tcpd theora tiff truetype truetype-fonts type1-fonts udev unicode userlocales vorbis win32codecs xine xml xorg xv xvid zlib elibc_glibc kernel_linux userland_GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Thanks, drac
Comment 7 Torsten Veller (RETIRED) gentoo-dev 2006-06-11 06:30:25 UTC
In 0.5.0 the highscore file format has changed.

Just touching the files generates corrupt scorefiles.
typespeed --makescores doesn't work because the wordlists are in a different directory.

I've changed in file.c (typespeed-0.5.0-statedir-fix.patch): 
| - if ((n = scandir(".", &namelist, iswordl...
| + if ((n = scandir("GENTOO_WORDLIST_PATH", &namelist, iswordl...
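Review bot: the replacement passes the quoted literal "GENTOO_WORDLIST_PATH" to scandir, so the directory is only correct if the build step substitutes the real wordlist path for that token before compiling (the patch name suggests the ebuild does this). Making it an unquoted preprocessor macro, e.g. `scandir(GENTOO_WORDLIST_PATH, &namelist, ...)` with the value supplied via `-DGENTOO_WORDLIST_PATH='"/path/to/wordlists"'`, would turn a forgotten substitution into a compile error instead of a scandir failure at runtime.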
and was able to create valid scorefiles via typespeed --makescores.


Another thing:
A reinstallation replaces the existing highscore files. Well these files are not really important.
Comment 8 SpanKY gentoo-dev 2006-06-11 06:58:05 UTC
fixed the scandir

games_pkg_preinst() in the games.eclass should take care of saving/restoring files across installs/upgrades ... works on my machine
Comment 9 Torsten Veller (RETIRED) gentoo-dev 2006-06-11 08:53:57 UTC
Stable on x86.
Still, "typespeed --makescores" is needed after the first installation, and while upgrading the scorefiles aren't converted.


(In reply to comment #8)

> games_pkg_preinst() in the games.eclass should take care of saving/restoring
> files across installs/upgrades ... works on my machine

Sorry, works here too. Obviously I don't use games very often.
Comment 10 Wolf Giesen (RETIRED) gentoo-dev 2006-06-12 21:54:48 UTC
For GLSA: is dsa-684 really valid for us? Since you should have to be in the "games" group to play games anyway, there would be no privilege escalation here (Gentoo is a bit different from the other distros here as far as I can tell)...
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-12 23:29:19 UTC
According to CVE-2006-1515 it is remote.
Comment 12 Wolf Giesen (RETIRED) gentoo-dev 2006-06-12 23:49:05 UTC
I know, but DerCorny mentioned http://www.debian.org/security/2005/dsa-684 which I was referring to.
Comment 13 Tobias Scherbaum (RETIRED) gentoo-dev 2006-06-14 11:26:52 UTC
ppc stable
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-19 09:19:25 UTC
GLSA 200606-20