Linley Henzell Dungeon Crawl Unspecified Local Buffer Overflow Vulnerability
BID:9566
Info
Linley Henzell Dungeon Crawl Unspecified Local Buffer Overflow Vulnerability
| Bugtraq ID: | 9566 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 03 2004 12:00AM |
| Updated: | Feb 03 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Steve Kemp from the GNU/Linux audit project. |
| Vulnerable: |
Linley Henzell Crawl 4.0 BETA 26 Linley Henzell Crawl 4.0 BETA 23 Linley Henzell Crawl 4.0 |
| Not Vulnerable: | |
Discussion
Linley Henzell Dungeon Crawl Unspecified Local Buffer Overflow Vulnerability
It has been reported that Linley Henzell Dungeon Crawl may be prone to a local buffer overflow vulnerability that may allow an attacker to ultimately execute arbitrary code in the context of the affected application. The software copies various environment variables into a fixed size buffer without proper bounds checking. An attacker may pass excessive data to a vulnerable application via an affected environment variable.
Crawl 4.0.0 beta 26 and prior may be prone to this issue.
It has been reported that Linley Henzell Dungeon Crawl may be prone to a local buffer overflow vulnerability that may allow an attacker to ultimately execute arbitrary code in the context of the affected application. The software copies various environment variables into a fixed size buffer without proper bounds checking. An attacker may pass excessive data to a vulnerable application via an affected environment variable.
Crawl 4.0.0 beta 26 and prior may be prone to this issue.
Exploit / POC
Linley Henzell Dungeon Crawl Unspecified Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Linley Henzell Dungeon Crawl Unspecified Local Buffer Overflow Vulnerability
Solution:
Debian has released an advisory DSA 432-1 to address this issue. Please see the referenced advisory for more information.
Linley Henzell Crawl 4.0 BETA 23
Solution:
Debian has released an advisory DSA 432-1 to address this issue. Please see the referenced advisory for more information.
Linley Henzell Crawl 4.0 BETA 23
-
Debian crawl_4.0.0beta23-2woody1_alpha.deb
Alpha architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_alpha.deb -
Debian crawl_4.0.0beta23-2woody1_arm.deb
ARM architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_arm.deb -
Debian crawl_4.0.0beta23-2woody1_hppa.deb
HP Precision architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_hppa.deb -
Debian crawl_4.0.0beta23-2woody1_i386.deb
Intel IA-32 architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_i386.deb -
Debian crawl_4.0.0beta23-2woody1_ia64.deb
Intel IA-64 architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_ia64.deb -
Debian crawl_4.0.0beta23-2woody1_m68k.deb
Motorola 680x0 architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_m68k.deb -
Debian crawl_4.0.0beta23-2woody1_mips.deb
Big endian MIPS architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_mips.deb -
Debian crawl_4.0.0beta23-2woody1_mipsel.deb
Little endian MIPS architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_mipsel.deb -
Debian crawl_4.0.0beta23-2woody1_powerpc.deb
PowerPC architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_powerpc.deb -
Debian crawl_4.0.0beta23-2woody1_s390.deb
IBM S/390 architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_s390.deb -
Debian crawl_4.0.0beta23-2woody1_sparc.deb
Sun Sparc architecture.
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23 -2woody1_sparc.deb
References
Linley Henzell Dungeon Crawl Unspecified Local Buffer Overflow Vulnerability
References:
References:
- Dungeon Crawl Homepage (Linley Henzell)