82241 – games-misc/typespeed: arbitrary group games code execution

Bug 82241 - games-misc/typespeed: arbitrary group games code execution

Summary: games-misc/typespeed: arbitrary group games code execution

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://lists.debian.org/debian-securi...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-16 05:33 UTC by Jean-François Brunette (RETIRED)
Modified:	2005-02-16 06:23 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-02-16 05:33:32 UTC

Ulf H

Comment 1 Jean-François Brunette (RETIRED) gentoo-dev

2005-02-16 05:33:32 UTC

Ulf Härnhammar from the Debian Security Audit Project discovered a problem in typespeed, a touch-typist trainer disguised as game. This could lead to a local attacker executing arbitrary code as group games.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-02-16 06:23:09 UTC

Our typespeed is not SGID games or SUID whatever. So you can just execute code as yourself...