lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040315233602.30032.qmail@www.securityfocus.com>
Date: 15 Mar 2004 23:36:02 -0000
From: Angelo Rosiello <angelo.rosiello@...amail.com>
To: bugtraq@...urityfocus.com
Subject: Crafty Game Stack Overflow & Exploit





                   Copyright © Rosiello Security 
                      http://www.rosiello.org


ADVISORY: http://www.rosiello.org/en/read_bugs.php?18
BACKGROUND: by SecurityTracker
EXPLOIT: http://www.rosiello.org/archivio/crafty.zip

Impact: Execution of arbitrary code via local system, User access via local system 
Version(s): 19.3 and prior versions 
Description: A vulnerability was reported in the Crafty game. A local user may be able to gain elevated privileges on the target system, depending on the configuration. 

It is reported that 'crafty.bin' does not properly check the bounds of user-supplied command line data. A local user can supply specially crafted values to trigger a buffer overflow and execute arbitrary code with the privileges of Crafty. On some Linux distributions, Crafty is installed with set group id (setgid) 'games' group privileges. 

Steve Kemp reported this vulnerability. 

Impact: A local user can execute arbitrary code with the privileges of Crafty, which may be 'games' group privileges on some distributions. 

Solution: It appears that no upstream fix was available at the time of this entry. The vendor notes that Crafty is not installed with set user id (setuid) or set group id (setgid) privileges, so there would be no security impact. However, some Linux distributions may install with setuid or setgid privileges. 

Vendor URL: www.limunltd.com/crafty/ (Links to External Site) 
Cause: Boundary error 
Underlying OS: Linux (Any), UNIX (Any) 

The exploit contains a bruteforce written in perl to get run time the right offset of the machine.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ