Bugzilla – Bug 65317
VUL-0: CVE-2005-0099: abuse: two security-related bugs
Last modified: 2021-11-08 14:57:48 UTC
these two bugs should be fixed in stable.
Steve Kemp discovered several vulnerabilities in abuse, the SDL port
of the Abuse action game, which could lead to the execution of
arbitrary code with elevated privileges since it is installed setuid
root. The Common Vulnerabilities and Exposures project identifies the
Buffer overflows in the command line handling.
Insecure file creation may lead to the creation of arbitrary
I'm attaching Steve's patches for both. Please let me know if we
I forward you the patch in an email.
Is there a corrected patch? The one you'd sent me didn't look ok.
Do you mean parts like this?
And the setuid() stuff?
I'll rewrite it and attach it here...
Created attachment 28150
Patch for 9.0.
The code looks like it contains more "security gems" but it's a waste of time
to audit code of games. :)
Fixed package submitted
CVE-2005-0099: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)