bsd-games: Local privilege escalation in tetris-bsd

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200603-26 / bsd-games
Release Date	March 29, 2006
Latest Revision	May 22, 2006: 02
Impact	normal
Exploitable	local

Package	Vulnerable versions	Unaffected versions	Architecture(s)
games-misc/bsd-games	< 2.17-r1	>= 2.17-r1	All supported architectures

Related bugreports: #122399

Synopsis

tetris-bsd is prone to local privilege escalation vulnerabilities.

2. Impact Information

Background

bsd-games is a collection of NetBSD games ported to Linux.

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores() function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to buffer overflows and incompatible with the system used for managing games on Gentoo Linux. As a result, it cannot be played securely on systems with multiple users. Please note that this is probably a Gentoo-specific issue.

Impact

A local user who is a member of group "games" may be able to modify the tetris-bsd.scores file to trigger the execution of arbitrary code with the privileges of other players.

3. Resolution Information

Workaround

Do not add untrusted users to the "games" group.

Resolution

All bsd-games users are advised to update to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-misc/bsd-games-2.17-r1"

4. References

CVE-2006-1539

Page updated March 29, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.