Koules Svgalib Buffer Overflow Vulnerability
BID:1967
Info
| Bugtraq ID: | 1967 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2000-1175 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 20 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was announced by Guido Bakker <[email protected]> on November 20, 2000. |
| Vulnerable: | Jan Hubicka Koules 1.4 |
| Not Vulnerable: | FreeBSD FreeBSD 4.2, Debian Linux 2.2 |
Discussion
Koules is an original, arcade-style game authored by Jan Hubicka. The svgalib version is usually installed setuid root so that regular users running it at the console can access the video hardware. This version contains a buffer overflow in its handling of user-supplied command-line arguments, which may allow a user to gain higher privileges.
Successful exploitation of this vulnerability leads to root compromise. Debian has announced they are not vulnerable to this problem.
Exploit / POC
Exploit available:
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].