Vulnerabilities > CVE-2002-1389 - Local Buffer Overflow vulnerability in Typespeed 0.4/0.4.1

CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
typespeed
nessus

Summary

Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.

Vulnerable Configurations

Part Description Count
Application
Typespeed
2

Nessus

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-217.NASL
description: A problem has been discovered in the typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15054
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15054
title: Debian DSA-217-1 : typespeed - buffer overflow
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-217. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Plugin registration. This branch runs only when `description` is set: it
# declares the plugin's identifiers, report text, CVSS vector and
# prerequisites, then exits at the end of the block without checking anything.
if (description)
{
  # Identity and revision of this plugin.
  script_id(15054);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  # Cross-references to the CVE entry and to Debian Security Advisory 217.
  script_cve_id("CVE-2002-1389");
  script_xref(name:"DSA", value:"217");

  # The summary names the detection method: dpkg output is inspected for the
  # updated package.
  script_name(english:"Debian DSA-217-1 : typespeed - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  # Report text shown with a finding: synopsis, advisory description,
  # advisory link, and the fixed package version for each Debian release.
  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A problem has been discovered in the typespeed, a game that lets you
measure your typematic speed. By overflowing a buffer a local attacker
could execute arbitrary commands under the group id games."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-217"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the typespeed package.

For the current stable distribution (woody) this problem has been
fixed in version 0.4.1-2.1.

For the old stable distribution (potato) this problem has been fixed
in version 0.4.0-5.1."
  );
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  # Marked as a local check. The CPE attributes name the typespeed package
  # and Debian releases 2.2 and 3.0.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:typespeed");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  # Date the fix was published and date this plugin was published.
  script_set_attribute(attribute:"patch_publication_date", value:"2002/12/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # Prerequisites: ssh_get_info.nasl as a dependency, plus three KB keys.
  # Presumably ssh_get_info.nasl is what collects the release and the dpkg
  # listing over an authenticated session - confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Registration ends here; nothing below this block runs in description mode.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: local checks must be enabled, the host must have been
# identified as Debian, and a dpkg package listing must have been collected.
# Each failure is passed to audit() with its reason; audit() is defined in
# audit.inc (not shown here) and presumably ends the script - confirm.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


# Compare the typespeed package against the fixed version for each release
# (2.2 -> 0.4.0-5.1, 3.0 -> 0.4.1-2.1). deb_check() comes from
# debian_package.inc (not shown); presumably it returns true when the
# installed version is older than `reference` - confirm.
# NOTE(review): this is a package-version comparison only; nothing here
# exercises the overflow, so the verdict is only as reliable as the collected
# dpkg listing. A locally rebuilt or held package may be misjudged either way.
flag = 0;
if (deb_check(release:"2.2", prefix:"typespeed", reference:"0.4.0-5.1")) flag++;
if (deb_check(release:"3.0", prefix:"typespeed", reference:"0.4.1-2.1")) flag++;

# At least one release check matched: report a warning on port 0. The package
# detail from deb_report_get() is attached only when report_verbosity > 0.
# With no match, the host is audited as not affected.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");