GTetrinet: Remote code execution
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200609-02 / GTetrinet |
| Release Date |
September 06, 2006 |
| Latest Revision |
September 07, 2006: 02 |
| Impact |
normal |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| games-puzzle/gtetrinet |
<
0.7.10 |
>=
0.7.10 |
All supported architectures
|
Related bugreports:
#144867
Synopsis
GTetrinet is vulnerable to a remote buffer overflow, potentially leading to
arbitrary code execution.
2.
Impact Information
Background
GTetrinet is a networked Tetris clone for GNOME 2.
Description
Michael Gehring has found that GTetrinet fails to properly handle array
indexes.
Impact
An attacker can potentially execute arbitrary code by sending a
negative number of players to the server.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All GTetrinet users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-puzzle/gtetrinet-0.7.10"
|
4.
References
|
