Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability

Bugtraq ID:	17308
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 29 2006 12:00AM
Updated:	Mar 29 2006 09:43PM
Credit:	Tavis Ormandy disclosed this vulnerability.
Vulnerable:	Gentoo Linux
Not Vulnerable:

Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability

Tetris-BSD is prone to a local privilege-escalation vulnerability. The issue results from a design error.

A local attacker can leverage this issue to exploit latent vulnerabilities in applications by overwriting shared game data files.

Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability

An exploit is not required.

Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability

Solution:

The vendor has released Gentoo Security Advisory GLSA 200603-26 to address this issue; please see the referenced advisory for further details.

Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability

References:

• CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS (Prasad J Pandit)
  
• [Full-disclosure] [ GLSA 200603-26 ] bsd-games: Local privilege escalation in te (Stefan Cornelius )