Multiple Buffer Overflow Vulnerabilities in xconq

Bugtraq ID:	1495
Class:	Boundary Condition Error
CVE:	CVE-2000-0617 CVE-2000-0618
Remote:	No
Local:	Yes
Published:	Jun 22 2000 12:00AM
Updated:	Jul 11 2009 02:56AM
Credit:	This vulnerability was first reported in a message to Bugtraq on June 22, 2000 by Stan Bubrouski <[email protected]>.
Vulnerable:	Stanley T. Shebs Xconq 7.2.2 - Redhat Linux 6.2 sparc - Redhat Linux 6.2 i386 - Redhat Linux 6.2 alpha - Redhat Linux 6.1 sparc - Redhat Linux 6.1 i386 - Redhat Linux 6.1 alpha - Redhat Linux 6.0 sparc - Redhat Linux 6.0 alpha - Redhat Linux 6.0
Not Vulnerable:

Multiple Buffer Overflow Vulnerabilities in xconq

Xconq is a multiple player strategy game available for many unix platforms. It contains a number of buffer overflow vulnerabilities including the ability to overflow stack buffers with either the DISPLAY or the USER environment variables. The Redhat Linux Xconq package installs the game with SGID 'games' privileges allowing an attacker to compromise the local 'games' group.

Multiple Buffer Overflow Vulnerabilities in xconq

This exploit was contributed by Chris Sharp <[email protected]> on December 25, 2000.

• /data/vulnerabilities/exploits/xxconq.c
• /data/vulnerabilities/exploits/

Multiple Buffer Overflow Vulnerabilities in xconq

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Multiple Buffer Overflow Vulnerabilities in xconq

References: