LTris: Buffer overflow
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200503-24 / LTris |
| Release Date |
March 20, 2005 |
| Latest Revision |
March 20, 2005: 01 |
| Impact |
normal |
| Exploitable |
local |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| games-puzzle/ltris |
<
1.0.10 |
>=
1.0.10 |
All supported architectures
|
Related bugreports:
#85770
Synopsis
LTris is vulnerable to a buffer overflow which could lead to the execution
of arbitrary code.
2.
Impact Information
Background
LTris is a Tetris clone.
Description
LTris is vulnerable to a buffer overflow when reading the global
highscores file.
Impact
By modifying the global highscores file a malicious user could
trick another user to execute arbitrary code.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All LTris users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"
|
|
