TITLE: Debian update for bsdgames SECUNIA ADVISORY ID: SA19687 VERIFY ADVISORY: http://secunia.com/advisories/19687/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ Debian GNU/Linux 3.1 http://secunia.com/product/5307/ Debian GNU/Linux 3.0 http://secunia.com/product/143/ DESCRIPTION: Debian has issued an update for bsdgames. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the "sail" game when handling player names. This can be exploited via an overly long player name to cause a buffer overflow and execute arbitrary code with "games" group privileges. SOLUTION: Apply patches. -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.dsc Size/MD5 checksum: 619 0cbc1e14e3f0b4984e8d98985c6d1f6a http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.diff.gz Size/MD5 checksum: 11953 3df403ce4490285f5cd42c2be3b28157 http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13.orig.tar.gz Size/MD5 checksum: 2340094 cf33f61ce1f0c09a7473ac26a4a0a6ec Alpha architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_alpha.deb Size/MD5 checksum: 951546 01c6877b6279474d70038c04769fe10b ARM architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_arm.deb Size/MD5 checksum: 825156 aa85fd9b7d5b1b0686d617f70c986415 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_i386.deb Size/MD5 checksum: 792272 0df5fd34239cdaf52e77b51bd964fec1 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_ia64.deb Size/MD5 checksum: 1080424 f6c31e672b7fb022957fdf5ffffcc2b3 HP Precision architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_hppa.deb Size/MD5 checksum: 902062 ce94b4c1236ff0a547b8787542163a99 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_m68k.deb Size/MD5 checksum: 773600 e9e234782008e026f4f9d6fcfcc3663c Big endian MIPS architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mips.deb Size/MD5 checksum: 886536 90b5e1cb86e8a6af42238312377b0b3e Little endian MIPS architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mipsel.deb Size/MD5 checksum: 877910 bc782bfdbf7f06c7c0493e8087c0e0c2 PowerPC architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_powerpc.deb Size/MD5 checksum: 844230 79740beab215f0bbe9c2db402f618980 IBM S/390 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_s390.deb Size/MD5 checksum: 831284 668c366d766dfde80fad3db29022f20a Sun Sparc architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_sparc.deb Size/MD5 checksum: 928022 b122af325cfdbc115a4f65ace24acf67 -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.dsc Size/MD5 checksum: 640 4f711fd516a61813f1a3365699b5228e http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.diff.gz Size/MD5 checksum: 11320 a83f445ca93fcc857e23774658adf6e0 http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17.orig.tar.gz Size/MD5 checksum: 2563311 238a38a3a017ca9b216fc42bde405639 Alpha architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_alpha.deb Size/MD5 checksum: 1174660 5efca9433af26290a847a2038e0ae4e6 AMD64 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_amd64.deb Size/MD5 checksum: 1026244 131a5f257d2dd1318e035b24ac0fab2a ARM architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_arm.deb Size/MD5 checksum: 990704 f20c4c664fc79a956e9fb8e1d83fc4dd Intel IA-32 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_i386.deb Size/MD5 checksum: 963154 521cc98b003db27c2bbf05afba7cea27 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_ia64.deb Size/MD5 checksum: 1312824 fb241efb5d1e5fb2d81ac95884e5ce6c HP Precision architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_hppa.deb Size/MD5 checksum: 1090242 358e7b6a7b3e3bd64dcee450a188ca88 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_m68k.deb Size/MD5 checksum: 915186 ca87f4cfd2269b14e01e9a5e477ae572 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mips.deb Size/MD5 checksum: 1123552 2760a604b73c3790bc03d822642a57c3 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mipsel.deb Size/MD5 checksum: 1113750 f33c43e795393cce5c4970da3337d85c PowerPC architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_powerpc.deb Size/MD5 checksum: 1050436 3bf8227a181b7884559c7061ea693335 IBM S/390 architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_s390.deb Size/MD5 checksum: 1029590 5ec74d0de424b23f5e2bbc39673e30bb Sun Sparc architecture: http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_sparc.deb Size/MD5 checksum: 998460 11ae88f58a70f60aad5ccbb62e96f211 -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.17-7. PROVIDED AND/OR DISCOVERED BY: deepstar ORIGINAL ADVISORY: Debian: http://www.us.debian.org/security/2006/dsa-1036 Fun University: http://www.pulltheplug.org/fu/?q=node/56 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------