Vulnerability Bulletins


Vulnerability in the games conquest and omega-rpg

Vulnerability classification

Property                 Value
Confidence level         Official
Impact                   Privilege escalation
Difficulty               Advanced
Required attacker level  Physical access

System information

Property               Value
Affected manufacturer  GNU/Linux
Affected software      omega-rpg 0.90
                       conquest 7.2

Description

Two vulnerabilities have been discovered in two games for Debian, Conquest and Omega-rpg respectively.

The first is a buffer overflow in the handling of environment variables in the game Conquest, which would allow a local attacker to gain unauthorized access to the conquest group.

The second vulnerability is a buffer overflow in the handling of environment variables in the game omega-rpg, which would allow a local attacker to gain unauthorized access to the Games group.

Although only Debian has issued an advisory about this vulnerability, it affects all GNU/Linux distributions that include these games.

Solution



Update software

Debian Linux 3.0

Game "Conquest"
Source archives:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.dsc
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.diff.gz
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_sparc.deb

Game "Omega-rpg"
Source archives:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.dsc
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.diff.gz
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9.orig.tar.gz
Alpha architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_sparc.deb

Standard resources

Property  Value
CVE       CAN-2003-0932
          CAN-2003-0933
BID

Other resources

Debian Security Advisory DSA 400-1
http://www.linuxsecurity.com/advisories/debian_advisory-3776.html

Debian Security Advisory DSA 398-1
http://www.linuxsecurity.com/advisories/debian_advisory-3772.html

Version history

Version  Comments         Date
1.0      Advisory issued  2003-11-12
Ministerio de Defensa
CNI
CCN
CCN-CERT