CVE-2006-1539 - Unspecified vulnerability in Bsd-Games Tetris-Bsd Gold

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
bsd-games
nessus

Summary

Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd.

Vulnerable Configurations

Part | Description | Count
Application | Bsd-Games | 1

Nessus

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200603-26.NASL
description: The remote host is affected by the vulnerability described in GLSA-200603-26 (bsd-games: Local privilege escalation in tetris-bsd) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores() function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to buffer overflows and incompatible with the system used for managing games on Gentoo Linux. As a result, it cannot be played securely on systems with multiple users. Please note that this is probably a Gentoo-specific issue. Impact : A local user who is a member of group
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21166
published: 2006-03-30
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/21166
title: GLSA-200603-26 : bsd-games: Local privilege escalation in tetris-bsd