GNU Chess '-s' Local Buffer Overflow Vulnerability
BID:9553
Info
GNU Chess '-s' Local Buffer Overflow Vulnerability
| Bugtraq ID: | 9553 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 02 2004 12:00AM |
| Updated: | Feb 02 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to "ace sk8" <[email protected]>. |
| Vulnerable: |
GNU Chess 5.0 6 GNU Chess 5.0 5 GNU Chess 5.0 3beta GNU Chess 5.0 2 |
| Not Vulnerable: | |
Discussion
GNU Chess '-s' Local Buffer Overflow Vulnerability
It has been reported that GNU Chess is prone to a buffer overflow issue that may allow an attacker to gain elevated privileges.
The problem is present due to improper handling of user-supplied data from command line parameters. A local attacker may leverage the issue by exploiting an unbounded memory copy operation to overwrite the saved return address/base pointer, causing the affected procedures to return to an address of their choice.
It has been reported that GNU Chess is prone to a buffer overflow issue that may allow an attacker to gain elevated privileges.
The problem is present due to improper handling of user-supplied data from command line parameters. A local attacker may leverage the issue by exploiting an unbounded memory copy operation to overwrite the saved return address/base pointer, causing the affected procedures to return to an address of their choice.
Exploit / POC
GNU Chess '-s' Local Buffer Overflow Vulnerability
The following proof of concept has been supplied:
The following proof of concept has been supplied:
Solution / Fix
GNU Chess '-s' Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.