Vulnerabilities > CVE-2003-0685 - Unspecified vulnerability in Netris 0.3/0.4/0.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-372.NASL |
| description | Shaun Colley discovered a buffer overflow vulnerability in netris, a network version of a popular puzzle game. A netris client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking. This vulnerability could be exploited to gain the privileges of the user running netris in client mode, if they connect to a hostile netris server. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15209 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15209 |
| title | Debian DSA-372-1 : netris - buffer overflow |