Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Marbles Game HOME Environment Variable Buffer Overflow Lets Local Users Gain Elevated Privileges
Categorie: Vulnerability
Posted: 2003-09-29 by ReCall
Views: 355
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A buffer overflow vulnerability was reported in the Marbles game software. A local user may be able to obtain elevated privileges on the target system.

It is reported that there is a buffer overflow in the processing of the HOME environment variable. A local user can set the variable to a specially crafted value and then invoke Marbles to execute arbitrary code on the system. Because Marbles is configured with set group id (setgid) 'games' privileges, the code will run with 'games' group privileges.

The flaw resides in 'cfg.c' in the C_StPth() function.

Steve Kemp is credited with discovering this flaw.

Impact: A local user can execute arbitrary code with 'games' group privileges.

Solution: No solution was available at the time of this entry.
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=485

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES