Summary: | <games-sports/torcs-1.3.3: acc Buffer Overflow Vulnerability (CVE-2011-4620)
---|---
Product: | Gentoo Security
Reporter: | KinG-InFeT <king.infet>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | games, n1ghtmare
Priority: | Normal
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79, http://www.1337day.com/exploits/17290, http://torcs.sourceforge.net/
Whiteboard: | B2 [noglsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 398743, 415909
Bug Blocks: |
Attachments: |

Description
KinG-InFeT
2012-01-04 19:47:36 UTC
Created attachment 297963
exploit public

@games, can you check if there is a fix for it? TIA

the exploit has just come out so I can not even tell you

So if you can modify the data in /usr/share/games you can run code as whatever user runs the games that read that data? News at 11. How is this interesting?

anyway is fixed in TORCS-1.3.2-test2

Here we talk about the bug and there is also a patch to fix the bug. http://sourceforge.net/mailarchive/forum.php?set=custom&viewmonth=&viewday=&forum_name=torcs-devel&style=nested&max_rows=25&submit=Change+View

update a new version: https://bugs.gentoo.org/show_bug.cgi?id=399895

*** Bug 399895 has been marked as a duplicate of this bug. ***

because you have not yet updated the ebuild? a bug left, expects progress from version 1.3.1 to 1.3.2 ebuild for safety tests.

Version 1.3.2 is also bugged by buffer overflow: http://www.1337day.com/exploits/17500?utm_source=dlvr.it&utm_medium=twitter

*** Bug 405487 has been marked as a duplicate of this bug. ***

from the changelog you can see that the bug has been fixed

> Fixed another possible buffer overflow reported by Andres Gomez (Andres, Bernhard).

you must upgrade it to version 1.3.3 as soon as possible, using a dump and delete the old ebuild vulnerable.

added the links for 1.3.3 version and changelog.

I testing on x86 platform torcs v1.3.3

version bump (1.3.3) requirement!!!!

UP

updated to 1.3.4

(In reply to comment #17)
> updated to 1.3.4

Thank you, Julian. Do we know if 1.3.4 fixes this issue?

1.3.6 is in the tree. unable to locate any relevant information to confirm this vulnerability is fixed. If no one else has anything I will close this soon

Confirmed bug was fixed in 1.3.3. http://www.vuxml.org/freebsd/ba51c2f7-5b43-11e1-8288-00262d5ed8ee.html

Additional information: http://plugins.openvas.org/nasl.php?oid=71167

No vote on a very old bug.