Vulnerabilities > CVE-2002-1245 - Unspecified vulnerability in Frank Mcingvale Luxman 0.41
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN frank-mcingvale
nessus
Summary
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-189.NASL |
| description | iDEFENSE reported about a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited a local attacker gains read-write access to the memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15026 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15026 |
| title | Debian DSA-189-1 : luxman - local root exploit |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
- http://marc.info/?l=bugtraq&m=103660334009855&w=2
- http://marc.info/?l=bugtraq&m=103660334009855&w=2
- http://www.debian.org/security/2002/dsa-189
- http://www.debian.org/security/2002/dsa-189
- http://www.idefense.com/advisory/11.06.02.txt
- http://www.idefense.com/advisory/11.06.02.txt
- http://www.iss.net/security_center/static/10549.php
- http://www.iss.net/security_center/static/10549.php
- http://www.securityfocus.com/bid/6113
- http://www.securityfocus.com/bid/6113