Gentoo Logo

bsd-games: Local privilege escalation in tetris-bsd

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200603-26 / bsd-games
Release Date March 29, 2006
Latest Revision May 22, 2006: 02
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
games-misc/bsd-games < 2.17-r1 >= 2.17-r1 All supported architectures

Related bugreports: #122399

Synopsis

tetris-bsd is prone to local privilege escalation vulnerabilities.

2.  Impact Information

Background

bsd-games is a collection of NetBSD games ported to Linux.

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores() function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to buffer overflows and incompatible with the system used for managing games on Gentoo Linux. As a result, it cannot be played securely on systems with multiple users. Please note that this is probably a Gentoo-specific issue.

Impact

A local user who is a member of group "games" may be able to modify the tetris-bsd.scores file to trigger the execution of arbitrary code with the privileges of other players.

3.  Resolution Information

Workaround

Do not add untrusted users to the "games" group.

Resolution

All bsd-games users are advised to update to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-misc/bsd-games-2.17-r1"

4.  References



Print

Page updated March 29, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.