Bug 42457 (CVE-2003-0535) - VUL-0: CVE-2003-0535: buffer overflows in xbl
Summary: VUL-0: CVE-2003-0535: buffer overflows in xbl
Status: RESOLVED FIXED
Alias: CVE-2003-0535
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: i386 Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Lukas Tinkl
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0535: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2003-06-20 16:52 UTC by Olaf Kirch
Modified: 2021-10-03 13:27 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Olaf Kirch 2003-06-20 16:52:31 UTC 
Steve Kemp discovered several buffer overflows in xbl, a game, which
can be triggered by long command line arguments.  This vulnerability
could be exploited by a local attacker to gain gid 'games'.

Patches should be available from the Debian bugfix packages.

It should be sufficient to fix this in STABLE. Thanks.
Comment 1 Petr Mladek 2003-06-20 17:18:53 UTC 
Ok, I will add the patch into STABLE for the next distribution.
Comment 2 Petr Mladek 2003-06-20 21:35:20 UTC 
Reassigned to the new maintainer.
Comment 3 Lukas Tinkl 2003-07-09 19:37:39 UTC 
Submitted the fixed package to czbuild.
Comment 4 Marcus Meissner 2007-03-24 15:54:37 UTC 
CVE-2003-0451 or CVE-2003-0535
Comment 5 Thomas Biege 2009-10-13 19:35:48 UTC 
CVE-2003-0535: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)