Bug 42457 (CVE-2003-0535)

Summary: VUL-0: CVE-2003-0535: buffer overflows in xbl
Product: [Novell Products] SUSE Security Incidents
Reporter: Olaf Kirch <okir>
Component: Incidents
Assignee: Lukas Tinkl <ltinkl>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: i386
OS: Linux
Whiteboard: CVE-2003-0535: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Olaf Kirch 2003-06-20 16:52:31 UTC
Steve Kemp discovered several buffer overflows in xbl, a game, which
can be triggered by long command line arguments.  This vulnerability
could be exploited by a local attacker to gain gid 'games'.

Patches should be available from the Debian bugfix packages.

It should be sufficient to fix this in STABLE. Thanks.

Comment 1 Petr Mladek 2003-06-20 17:18:53 UTC
Ok, I will add the patch into STABLE for the next distribution.

Comment 2 Petr Mladek 2003-06-20 21:35:20 UTC
Reassigned to the new maintainer.

Comment 3 Lukas Tinkl 2003-07-09 19:37:39 UTC
Submitted the fixed package to czbuild.

Comment 4 Marcus Meissner 2007-03-24 15:54:37 UTC
CVE-2003-0451 or CVE-2003-0535

Comment 5 Thomas Biege 2009-10-13 19:35:48 UTC
CVE-2003-0535: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)