FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rockdodger -- buffer overflows

Affected packages
rockdodger < 0.6_3

Details

VuXML ID 2b4d5288-447e-11d9-9ebb-000854d03344
Discovery 2004-10-29
Entry 2004-12-02

The environment variable HOME is copied without regard to buffer size, which can be used to gain elevated privileges if the binary is installed setgid games. In addition, a string is read from the high score file without a bounds check.

The port installs the binary without setgid, but with a world-writable high score file.
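The two bounded operations that address this class of bug, as an added example that is not rockdodger's code or its actual patch: building a path from HOME into a fixed buffer, and reading one name from a score file into a fixed buffer. The function names, buffer sizes, file name and sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern of the kind the advisory describes (not executed here):
 *     char path[64]; strcpy(path, getenv("HOME"));
 * Bounded form: build "<home>/<file>" and fail rather than truncate. */
int build_score_path(char *dst, size_t dstlen, const char *home, const char *file)
{
    if (dst == NULL || dstlen == 0) return -1;
    dst[0] = '\0';
    if (home == NULL || file == NULL) return -1;
    int n = snprintf(dst, dstlen, "%s/%s", home, file);
    if (n < 0 || (size_t)n >= dstlen) { dst[0] = '\0'; return -1; }
    return 0;
}

/* Read one name line from a score file that any local user may have written.
 * Stores at most dstlen-1 bytes; an over-long line is drained and rejected. */
int read_score_name(FILE *fp, char *dst, size_t dstlen)
{
    if (dstlen < 2 || fgets(dst, (int)dstlen, fp) == NULL) return -1;
    size_t len = strcspn(dst, "\n");
    if (dst[len] != '\n') {              /* buffer filled or EOF reached */
        int c = fgetc(fp);
        if (c != EOF && c != '\n') {     /* more data: line is too long */
            while ((c = fgetc(fp)) != EOF && c != '\n') { }
            dst[0] = '\0';
            return -1;
        }
    }
    dst[len] = '\0';
    return 0;
}

/* Demo helper (hypothetical): put a constructed line in a temp file, parse it. */
int parse_constructed_line(const char *line, char *out, size_t outlen)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return -2;
    fputs(line, fp);
    rewind(fp);
    int rc = read_score_name(fp, out, outlen);
    fclose(fp);
    return rc;
}

int main(void)
{
    char path[32], name[8];
    printf("%d\n", build_score_path(path, sizeof path, "/home/alice", ".scores"));
    printf("%d\n", parse_constructed_line("AAAAAAAAAAAAAAAAAAAAAAAA\n", name, sizeof name));
    return 0;
}
```

Both functions reject oversized input instead of silently truncating it, so a caller can fall back to a default path or skip the damaged score entry.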

References

URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278878