|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2005-0099: abuse: two security-related bugs | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Lukas Tinkl <ltinkl> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2005-0099: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | abuse-patch2.diff | ||
<!-- SBZ_reproduce --> - I forward you the patch in an email. Is there a corrected patch? The one you'd sent me didn't look ok. Do you mean parts liek this? - strcpy(name,argv[i]); + strncpy(name,argv[i],sizeof(name)-1); + name[sizeof(name)]='\0'; And the setuid() stuff? I'll rewrite it and attach it here... Created attachment 28150 [details]
abuse-patch2.diff
Patch for 9.0.
The code looks like it contains more "security gems" but it's a waste of time
to audit code of games. :)
Fixed package submitted CVE-2005-0099: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N) |
Hello Lukas, these two bugs should be fixed in stable. Thanks! Steve Kemp discovered several vulnerabilities in abuse, the SDL port of the Abuse action game, which could lead to the execution of arbitrary code with elevated privileges since it is installed setuid root. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-0098 Buffer overflows in the command line handling. CAN-2005-0099 Insecure file creation may lead to the creation of arbitrary files. I'm attaching Steve's patches for both. Please let me know if we need coordination. Regards, Joey