Bug 65317 - (CVE-2005-0099) VUL-0: CVE-2005-0099: abuse: two security-related bugs
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
All Linux
: P3 - Medium : Normal
Assigned To: Lukas Tinkl
Security Team bot
CVE-2005-0099: CVSS v2 Base Score: 2....
Reported: 2005-01-31 17:24 UTC by Thomas Biege
Modified: 2021-11-08 14:57 UTC

Attachments
abuse-patch2.diff (4.79 KB, patch)
2005-02-03 01:45 UTC, Thomas Biege

Description Thomas Biege 2005-01-31 17:24:52 UTC
Hello Lukas, 
these two bugs should be fixed in stable. 
Thanks! 
 
Steve Kemp discovered several vulnerabilities in abuse, the SDL port 
of the Abuse action game, which could lead to the execution of 
arbitrary code with elevated privileges since it is installed setuid 
root.  The Common Vulnerabilities and Exposures project identifies the 
following problems: 
 
CAN-2005-0098 
 
    Buffer overflows in the command line handling. 
 
CAN-2005-0099 
 
    Insecure file creation may lead to the creation of arbitrary 
    files. 
 
I'm attaching Steve's patches for both.  Please let me know if we 
need coordination. 
 
Regards, 
 
        Joey
Comment 2 Thomas Biege 2005-01-31 17:25:49 UTC
I forward you the patch in an email. 
Comment 3 Lukas Tinkl 2005-02-02 19:05:17 UTC
Is there a corrected patch? The one you'd sent me didn't look ok.
Comment 4 Thomas Biege 2005-02-03 00:54:18 UTC
Do you mean parts like this?

-      strcpy(name,argv[i]);
+      strncpy(name,argv[i],sizeof(name)-1);
+      name[sizeof(name)]='\0';
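
Review bot: the terminator on the second added line is written to name[sizeof(name)], one element past the end of the buffer, so the unbounded strcpy is replaced by a single-byte out-of-bounds write. It should index sizeof(name)-1, which matches the bound passed to strncpy on the line above. Both added lines also assume name is an array in this scope; if it is a pointer, sizeof(name) is the pointer size and an explicit buffer length is needed instead.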

And the setuid() stuff?

I'll rewrite it and attach it here...
Comment 5 Thomas Biege 2005-02-03 01:45:46 UTC
Created attachment 28150
abuse-patch2.diff

Patch for 9.0.

The code looks like it contains more "security gems" but it's a waste of time
to audit code of games. :)
Comment 6 Lukas Tinkl 2005-02-07 21:59:26 UTC
Fixed package submitted
Comment 7 Thomas Biege 2009-10-13 21:00:59 UTC
CVE-2005-0099: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)