LGames LBreakout2 Multiple Environment Variable Buffer Overflow Vulnerabilites
BID:9712
Info
LGames LBreakout2 Multiple Environment Variable Buffer Overflow Vulnerabilites
| Bugtraq ID: | 9712 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0158 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 21 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this issue is credited to Ulf Harnhammar. |
| Vulnerable: |
Lgames LBreakout2 2.2.2 Lgames LBreakout2 2.2.1 Lgames LBreakout2 2.2 Lgames LBreakout2 2.2 Lgames LBreakout2 2.1.2 Lgames LBreakout2 2.1.1 Lgames LBreakout2 2.1 Lgames LBreakout2 2.0.1 Lgames LBreakout2 2.0 |
| Not Vulnerable: | |
Discussion
LGames LBreakout2 Multiple Environment Variable Buffer Overflow Vulnerabilites
Multiple buffer overflow vulnerabilities exist in the environment variable handling of LBreakout2. The issue is due to an insufficient boundary checking of certain environment variables used by the affected application.
A malicious user may exploit this condition to potentially corrupt sensitive process memory in the affected process and ultimately execute arbitrary code with the privileges of the game process.
Multiple buffer overflow vulnerabilities exist in the environment variable handling of LBreakout2. The issue is due to an insufficient boundary checking of certain environment variables used by the affected application.
A malicious user may exploit this condition to potentially corrupt sensitive process memory in the affected process and ultimately execute arbitrary code with the privileges of the game process.
Exploit / POC
LGames LBreakout2 Multiple Environment Variable Buffer Overflow Vulnerabilites
The following exploit was released:
The following exploit was released:
Solution / Fix
LGames LBreakout2 Multiple Environment Variable Buffer Overflow Vulnerabilites
Solution:
Debian Linux has released advisory DSA 445-1 dealing with this issue.
Lgames LBreakout2 2.2.2
Solution:
Debian Linux has released advisory DSA 445-1 dealing with this issue.
Lgames LBreakout2 2.2.2
-
Debian lbreakout2_2.2.2-1
Sun Sparc Architecture:
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1 -
Debian lbreakout2_2.2.2-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_alpha.deb -
Debian lbreakout2_2.2.2-1woody1_arm.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_arm.deb -
Debian lbreakout2_2.2.2-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_hppa.deb -
Debian lbreakout2_2.2.2-1woody1_i386.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_i386.deb -
Debian lbreakout2_2.2.2-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_ia64.deb -
Debian lbreakout2_2.2.2-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_m68k.deb -
Debian lbreakout2_2.2.2-1woody1_mips.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_mips.deb -
Debian lbreakout2_2.2.2-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_powerpc.deb -
Debian lbreakout2_2.2.2-1woody1_s390.deb
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2 .2.2-1woody1_s390.deb
References
LGames LBreakout2 Multiple Environment Variable Buffer Overflow Vulnerabilites
References:
References:
- LBreakout2 (LGames)