|
Bugtraq
mailing list archives
Re: Buffer Overflow in Spider game
From: van Helsing <vh () helith net>
Date: Tue, 5 Oct 2004 07:56:53 +0200
On Mon, 4 Oct 2004 20:23:46 +0100
Steve Kemp <steve () steve org uk> wrote:
On Sun, Oct 03, 2004 at 12:05:23PM +0300, Security Team wrote:
A vulnerability has been discovered in the game spider, an
application contained in the Debian GNU/Linux distribution.
The vulnerability allows a local attacker to gain elevated
privileges by overflowing the -s parameter.
Impact:
The attacker can gain group privileges. By default "games".
Neither Debian stable nor unstable contain any spider binaries
setuid or setgid.
*cut the linux crap ;)*
He didn't said DEBIAN is affected.
He just said it's contained in Debian.
I would take "contained" as example.... not as "only affected".
And he also didn't said something about getting r00t.
Just group privileges... (getting "games"-gid.. w00w00 ;)).
Even Debian dosn't setuid/setguid spider it's include and I'm sure the
author wouldn't report things wich don't work.
So get the "games"-gid with this error and be happy. ;-)
And spend honor to the guys who allow the "games"-group to use adduser. :)
vh
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
| 
Intro
