Lgames LTris Local Global High Score File Buffer Overflow Vulnerability
BID:12851
Info
| Bugtraq ID: | 12851 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0825 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 25 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | The vendor announced this vulnerability. |
| Vulnerable: | Lgames LTris 1.0.1 Gentoo Linux |
| Not Vulnerable: | |
Discussion
A buffer overflow vulnerability is reported to exist in LTris that may result in a local attacker obtaining elevated privileges. The flaw is reported to exist due to a lack of sufficient boundary checks performed when reading high-score data from the global LTris high-score file.
LTris versions prior to version 1.0.9 are reported prone to this issue.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has addressed this vulnerability and fixes are available:
Gentoo has released an advisory (GLSA 200503-24) and an updated eBuild to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"
Lgames LTris 1.0.1
- LGames ltris-1.0.10.tar.gz
  http://lgames.sourceforge.net/download.php?project=LTris&url=SOURCEFORGE/lgames/ltris-1.0.10.tar.gz
References
- LTris (LGames)
- LTris 1.0.9 is out (LGames)