Typespeed: Remote execution of arbitrary code
Gentoo Linux Security Advisory
||GLSA 200606-20 / typespeed
||June 19, 2006
||June 19, 2006: 01
All supported architectures
A buffer overflow in the network code of Typespeed can lead to the
execution of arbitrary code.
Typespeed is a game to test and practice 10-finger-typing. Network code
allows two users to compete head-to-head.
Niko Tyni discovered a buffer overflow in the addnewword() function of
Typespeed's network code.
By sending specially crafted network packets to a machine running
Typespeed in multiplayer mode, a remote attacker can execute arbitrary
code with the permissions of the user running the game.
Do not run Typespeed in multiplayer mode. There is no known workaround
at this time for multiplayer mode.
All Typespeed users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-misc/typespeed-0.5.0"