Bug#: 24002
Status: RESOLVED
Resolution: INVALID
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Daniel Ahlberg (RETIRED) <aliz@gentoo.org>

Description:   Opened: 2003-07-06 13:43 0000
-------------------------------------------------------------------------- 
Debian Security Advisory DSA 334-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman 
June 28th, 2003                         http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : xgalaga 
Vulnerability  : buffer overflows 
Problem-Type   : local 
Debian-specific: no 
CVE Ids        : CAN-2003-0454 
 
Steve Kemp discovered several buffer overflows in xgalaga, a game, 
which can be triggered by a long HOME environment variable.  This 
vulnerability could be exploited by a local attacker to gain gid 
'games'.

------- Comment #1 From Gerardo Di Giacomo 2003-09-20 16:35:05 0000 -------
xgalaga does not have the setuid flag by default. If it's still vulnerable, it can't give
elevated privileges.

------- Comment #2 From SpanKY 2003-09-20 20:32:53 0000 -------
yeah, we're not vulnerable, but i'd still like to add a patch if one exists

in other words, we don't need a GLSA, we just want a patch ;)

------- Comment #3 From Gerardo Di Giacomo 2003-09-21 03:39:49 0000 -------
i see that there's already a patch for that vuln...

     if((home = getenv("HOME"))) {
-       sprintf(my_file_name, "%s/.xgalscores", home);
[...]
+       snprintf(my_file_name, sizeof(my_file_name)-1, "%s/.xgalscores", home);
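Review bot: the `+` line discards the return value of snprintf, so a HOME longer than the buffer now produces a silently truncated my_file_name instead of an overflow, and whatever uses the name afterwards gets a path other than the intended one; compare the result against the buffer size and skip the scores file when it does not fit. The `-1` in `sizeof(my_file_name)-1` is not needed, since snprintf already counts the terminating NUL within the size it is given, and the `sizeof` bound only holds if my_file_name is an array in this scope rather than a pointer, which the hunk does not show. The `[...]` elides the rest of the diff, so these lines cannot confirm that the other overflows mentioned in the advisory are covered.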


in the diff that is downloaded with xgalaga.

So we don't need a patch :)

------- Comment #4 From SpanKY 2003-09-21 09:15:54 0000 -------
excellent :)
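
The bounded path construction that the advisory and the patch in comment #3 concern, as an added example that is not xgalaga's code and not part of any comment above. `build_score_path` and the buffer sizes are hypothetical; only the `/.xgalscores` suffix comes from the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Suffix taken from the hunk quoted in comment #3. */
#define SCORE_SUFFIX "/.xgalscores"

/*
 * Hypothetical helper: build "<home>/.xgalscores" into out[outsz].
 * Returns 0 on success, -1 if home is unset/empty or the full path
 * does not fit. On failure out is left empty, never truncated.
 */
int build_score_path(const char *home, char *out, size_t outsz)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] == '\0')
        return -1;

    /* snprintf writes at most outsz bytes including the NUL and
     * returns the length the complete string would have had. */
    n = snprintf(out, outsz, "%s%s", home, SCORE_SUFFIX);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* reject instead of using a cut-off path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[64];              /* constructed, deliberately small buffer */
    char long_home[256];        /* constructed oversized HOME value */

    memset(long_home, 'A', sizeof(long_home) - 1);
    long_home[sizeof(long_home) - 1] = '\0';

    printf("current HOME: %d\n",
           build_score_path(getenv("HOME"), path, sizeof(path)));
    printf("oversized HOME: %d\n",
           build_score_path(long_home, path, sizeof(path)));
    return 0;
}
```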
