Lim Unlimited Crafty Command Line Local Buffer Overflow Vulnerability
BID:9893
Info
Lim Unlimited Crafty Command Line Local Buffer Overflow Vulnerability
| Bugtraq ID: | 9893 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 16 2004 12:00AM |
| Updated: | Mar 16 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Steve Kemp. |
| Vulnerable: |
Lim Unlimited Crafty 19.3 |
| Not Vulnerable: | |
Discussion
Lim Unlimited Crafty Command Line Local Buffer Overflow Vulnerability
It has been reported that Crafty game program may be prone to a local buffer overflow vulnerability that may allow an attacker to execute arbitrary code in order to gain elevated privileges. The issue presents itself due to insufficient bounds checking performed by 'crafty.bin' on user-supplied data via the command line.
This problem could result in the execution of arbitrary code in the context of the vulnerable process, and may result in a local user gaining elevated privileges.
Crafty versions 19.3 and prior are reportedly affected by this issue.
It has been reported that Crafty game program may be prone to a local buffer overflow vulnerability that may allow an attacker to execute arbitrary code in order to gain elevated privileges. The issue presents itself due to insufficient bounds checking performed by 'crafty.bin' on user-supplied data via the command line.
This problem could result in the execution of arbitrary code in the context of the vulnerable process, and may result in a local user gaining elevated privileges.
Crafty versions 19.3 and prior are reportedly affected by this issue.
Exploit / POC
Lim Unlimited Crafty Command Line Local Buffer Overflow Vulnerability
Exploit code can be obtained from the following location:
http://www.rosiello.org/archivio/crafty.zip
Exploit code can be obtained from the following location:
http://www.rosiello.org/archivio/crafty.zip
Solution / Fix
Lim Unlimited Crafty Command Line Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Lim Unlimited Crafty Command Line Local Buffer Overflow Vulnerability
References:
References:
- Crafty Homepage (Lim Unlimited)
- Crafty Game Stack Overflow & Exploit (Angelo Rosiello