Secunia Security Advisory - Debian has issued an update for bsdgames. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
d14808bab8083511b5aa2bb4c24c7f91cf80728f771709e451ab988597b018f0
TITLE:
Debian update for bsdgames
SECUNIA ADVISORY ID:
SA19687
VERIFY ADVISORY:
http://secunia.com/advisories/19687/
CRITICAL:
Not critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux 3.0
http://secunia.com/product/143/
DESCRIPTION:
Debian has issued an update for bsdgames. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
The vulnerability is caused due to a boundary error in the "sail"
game when handling player names. This can be exploited via an overly
long player name to cause a buffer overflow and execute arbitrary
code with "games" group privileges.
SOLUTION:
Apply patches.
-- Debian GNU/Linux 3.0 alias woody --
Source archives:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.dsc
Size/MD5 checksum: 619 0cbc1e14e3f0b4984e8d98985c6d1f6a
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.diff.gz
Size/MD5 checksum: 11953 3df403ce4490285f5cd42c2be3b28157
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13.orig.tar.gz
Size/MD5 checksum: 2340094 cf33f61ce1f0c09a7473ac26a4a0a6ec
Alpha architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_alpha.deb
Size/MD5 checksum: 951546 01c6877b6279474d70038c04769fe10b
ARM architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_arm.deb
Size/MD5 checksum: 825156 aa85fd9b7d5b1b0686d617f70c986415
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_i386.deb
Size/MD5 checksum: 792272 0df5fd34239cdaf52e77b51bd964fec1
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_ia64.deb
Size/MD5 checksum: 1080424 f6c31e672b7fb022957fdf5ffffcc2b3
HP Precision architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_hppa.deb
Size/MD5 checksum: 902062 ce94b4c1236ff0a547b8787542163a99
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_m68k.deb
Size/MD5 checksum: 773600 e9e234782008e026f4f9d6fcfcc3663c
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mips.deb
Size/MD5 checksum: 886536 90b5e1cb86e8a6af42238312377b0b3e
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mipsel.deb
Size/MD5 checksum: 877910 bc782bfdbf7f06c7c0493e8087c0e0c2
PowerPC architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_powerpc.deb
Size/MD5 checksum: 844230 79740beab215f0bbe9c2db402f618980
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_s390.deb
Size/MD5 checksum: 831284 668c366d766dfde80fad3db29022f20a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_sparc.deb
Size/MD5 checksum: 928022 b122af325cfdbc115a4f65ace24acf67
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.dsc
Size/MD5 checksum: 640 4f711fd516a61813f1a3365699b5228e
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.diff.gz
Size/MD5 checksum: 11320 a83f445ca93fcc857e23774658adf6e0
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17.orig.tar.gz
Size/MD5 checksum: 2563311 238a38a3a017ca9b216fc42bde405639
Alpha architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_alpha.deb
Size/MD5 checksum: 1174660 5efca9433af26290a847a2038e0ae4e6
AMD64 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_amd64.deb
Size/MD5 checksum: 1026244 131a5f257d2dd1318e035b24ac0fab2a
ARM architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_arm.deb
Size/MD5 checksum: 990704 f20c4c664fc79a956e9fb8e1d83fc4dd
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_i386.deb
Size/MD5 checksum: 963154 521cc98b003db27c2bbf05afba7cea27
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_ia64.deb
Size/MD5 checksum: 1312824 fb241efb5d1e5fb2d81ac95884e5ce6c
HP Precision architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_hppa.deb
Size/MD5 checksum: 1090242 358e7b6a7b3e3bd64dcee450a188ca88
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_m68k.deb
Size/MD5 checksum: 915186 ca87f4cfd2269b14e01e9a5e477ae572
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mips.deb
Size/MD5 checksum: 1123552 2760a604b73c3790bc03d822642a57c3
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mipsel.deb
Size/MD5 checksum: 1113750 f33c43e795393cce5c4970da3337d85c
PowerPC architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_powerpc.deb
Size/MD5 checksum: 1050436 3bf8227a181b7884559c7061ea693335
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_s390.deb
Size/MD5 checksum: 1029590 5ec74d0de424b23f5e2bbc39673e30bb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_sparc.deb
Size/MD5 checksum: 998460 11ae88f58a70f60aad5ccbb62e96f211
-- Debian GNU/Linux unstable alias sid --
Fixed in version 2.17-7.
PROVIDED AND/OR DISCOVERED BY:
deepstar
ORIGINAL ADVISORY:
Debian:
http://www.us.debian.org/security/2006/dsa-1036
Fun University:
http://www.pulltheplug.org/fu/?q=node/56
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------