Bug 394499 (CVE-2011-4606) - <games-arcade/rocksndiamonds-3.3.0.1-r1 : world-writable working directory (CVE-2011-4606)
Summary: <games-arcade/rocksndiamonds-3.3.0.1-r1 : world-writable working directory (C...
Status: RESOLVED FIXED
Alias: CVE-2011-4606
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-12-12 23:44 UTC by Tim Sammut (RETIRED)
Modified: 2012-03-06 01:20 UTC

See Also:
Package list:
Runtime testing required: ---


Description Tim Sammut (RETIRED) gentoo-dev 2011-12-12 23:44:30 UTC
From the Debian bug at $URL:

The ~/.rocksndiamonds directory and its subdirectories are created as 
writable to anybody. This allows an attacker to overwrite arbitrary 
files by doing this:
1) Delete the /home/victim/.rocksndiamonds/cache/artworkinfo.cache file.
2) Create new /home/victim/.rocksndiamonds/cache/artworkinfo.cache as a 
symlink to a file you want to overwrite.
3) Wait until the victim runs the game.

There is a proposed patch on the Red Hat bug at https://bugzilla.redhat.com/show_bug.cgi?id=766805.
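
A defensive sketch of the two checks this class of bug calls for, added here as an example; it is not the patch referenced on the Red Hat bug and not code from rocksndiamonds. The function names are hypothetical: one creates and verifies a private per-user directory, the other refuses to write through a symlink at the cache path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 0 if path is a real directory owned by us that group/other cannot write
 * to; -1 otherwise (symlink, missing, wrong owner, or loose mode bits). */
int dir_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    return 0;
}

/* Create the directory 0700 if missing, then verify it: a directory left
 * behind world-writable by an earlier run is reported, not silently used. */
int ensure_private_dir(const char *path)
{
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    return dir_is_private(path);
}

/* Open a cache file for rewriting without following a symlink planted at
 * the final path component, and truncate only after checking the inode. */
int open_cache_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                       /* a symlink fails here */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2)                       /* usage: ./check DIRECTORY */
        return EXIT_FAILURE;
    printf("%s: %s\n", argv[1], dir_is_private(argv[1]) ? "UNSAFE" : "private");
    return EXIT_SUCCESS;
}
```

`O_NOFOLLOW` only covers the last path component, so the directory check is the primary control and the no-follow open is a second layer.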
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2011-12-13 04:15:30 UTC
Added the patch and rev bumped it to force it out.
Comment 2 Agostino Sarubbo gentoo-dev 2011-12-13 09:38:00 UTC
Mr. Bones:

I see that the ebuild already has all stable keywords; have you tested it on all arches?
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-12-14 06:01:12 UTC
GLSA Vote: no.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-12-15 18:50:47 UTC
CVE-2011-4606 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4606):
  Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows
  local users to overwrite arbitrary files via a symlink attack on
  .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2012-03-06 01:20:13 UTC
Vote: No, closing noglsa.