Debian update for bsdgames - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Debian update for bsdgames

Secunia Advisory:	SA19687
Release Date:	2006-04-17

Critical:	Not critical
Impact:	Privilege escalation
Where:	Local system
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.0 Debian GNU/Linux 3.1 Debian GNU/Linux unstable alias sid


CVE reference:	CVE-2006-1744 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: Debian has issued an update for bsdgames. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the "sail" game when handling player names. This can be exploited via an overly long player name to cause a buffer overflow and execute arbitrary code with "games" group privileges. Solution: Apply patches. -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updat.../b/bsdgames/bsdgames_2.13-7woody0.dsc Size/MD5 checksum: 619 0cbc1e14e3f0b4984e8d98985c6d1f6a http://security.debian.org/pool/updat...sdgames/bsdgames_2.13-7woody0.diff.gz Size/MD5 checksum: 11953 3df403ce4490285f5cd42c2be3b28157 http://security.debian.org/pool/updat.../b/bsdgames/bsdgames_2.13.orig.tar.gz Size/MD5 checksum: 2340094 cf33f61ce1f0c09a7473ac26a4a0a6ec Alpha architecture: http://security.debian.org/pool/updat...games/bsdgames_2.13-7woody0_alpha.deb Size/MD5 checksum: 951546 01c6877b6279474d70038c04769fe10b ARM architecture: http://security.debian.org/pool/updat...sdgames/bsdgames_2.13-7woody0_arm.deb Size/MD5 checksum: 825156 aa85fd9b7d5b1b0686d617f70c986415 Intel IA-32 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.13-7woody0_i386.deb Size/MD5 checksum: 792272 0df5fd34239cdaf52e77b51bd964fec1 Intel IA-64 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.13-7woody0_ia64.deb Size/MD5 checksum: 1080424 f6c31e672b7fb022957fdf5ffffcc2b3 HP Precision architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.13-7woody0_hppa.deb Size/MD5 checksum: 902062 ce94b4c1236ff0a547b8787542163a99 Motorola 680x0 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.13-7woody0_m68k.deb Size/MD5 checksum: 773600 e9e234782008e026f4f9d6fcfcc3663c Big endian MIPS architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.13-7woody0_mips.deb Size/MD5 checksum: 886536 90b5e1cb86e8a6af42238312377b0b3e Little endian MIPS architecture: http://security.debian.org/pool/updat...ames/bsdgames_2.13-7woody0_mipsel.deb Size/MD5 checksum: 877910 bc782bfdbf7f06c7c0493e8087c0e0c2 PowerPC architecture: http://security.debian.org/pool/updat...mes/bsdgames_2.13-7woody0_powerpc.deb Size/MD5 checksum: 844230 79740beab215f0bbe9c2db402f618980 IBM S/390 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.13-7woody0_s390.deb Size/MD5 checksum: 831284 668c366d766dfde80fad3db29022f20a Sun Sparc architecture: http://security.debian.org/pool/updat...games/bsdgames_2.13-7woody0_sparc.deb Size/MD5 checksum: 928022 b122af325cfdbc115a4f65ace24acf67 -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updat.../b/bsdgames/bsdgames_2.17-1sarge1.dsc Size/MD5 checksum: 640 4f711fd516a61813f1a3365699b5228e http://security.debian.org/pool/updat...sdgames/bsdgames_2.17-1sarge1.diff.gz Size/MD5 checksum: 11320 a83f445ca93fcc857e23774658adf6e0 http://security.debian.org/pool/updat.../b/bsdgames/bsdgames_2.17.orig.tar.gz Size/MD5 checksum: 2563311 238a38a3a017ca9b216fc42bde405639 Alpha architecture: http://security.debian.org/pool/updat...games/bsdgames_2.17-1sarge1_alpha.deb Size/MD5 checksum: 1174660 5efca9433af26290a847a2038e0ae4e6 AMD64 architecture: http://security.debian.org/pool/updat...games/bsdgames_2.17-1sarge1_amd64.deb Size/MD5 checksum: 1026244 131a5f257d2dd1318e035b24ac0fab2a ARM architecture: http://security.debian.org/pool/updat...sdgames/bsdgames_2.17-1sarge1_arm.deb Size/MD5 checksum: 990704 f20c4c664fc79a956e9fb8e1d83fc4dd Intel IA-32 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.17-1sarge1_i386.deb Size/MD5 checksum: 963154 521cc98b003db27c2bbf05afba7cea27 Intel IA-64 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.17-1sarge1_ia64.deb Size/MD5 checksum: 1312824 fb241efb5d1e5fb2d81ac95884e5ce6c HP Precision architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.17-1sarge1_hppa.deb Size/MD5 checksum: 1090242 358e7b6a7b3e3bd64dcee450a188ca88 Motorola 680x0 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.17-1sarge1_m68k.deb Size/MD5 checksum: 915186 ca87f4cfd2269b14e01e9a5e477ae572 Big endian MIPS architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.17-1sarge1_mips.deb Size/MD5 checksum: 1123552 2760a604b73c3790bc03d822642a57c3 Little endian MIPS architecture: http://security.debian.org/pool/updat...ames/bsdgames_2.17-1sarge1_mipsel.deb Size/MD5 checksum: 1113750 f33c43e795393cce5c4970da3337d85c PowerPC architecture: http://security.debian.org/pool/updat...mes/bsdgames_2.17-1sarge1_powerpc.deb Size/MD5 checksum: 1050436 3bf8227a181b7884559c7061ea693335 IBM S/390 architecture: http://security.debian.org/pool/updat...dgames/bsdgames_2.17-1sarge1_s390.deb Size/MD5 checksum: 1029590 5ec74d0de424b23f5e2bbc39673e30bb Sun Sparc architecture: http://security.debian.org/pool/updat...games/bsdgames_2.17-1sarge1_sparc.deb Size/MD5 checksum: 998460 11ae88f58a70f60aad5ccbb62e96f211 -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.17-7. Provided and/or discovered by: deepstar Original Advisory: Debian: http://www.us.debian.org/security/2006/dsa-1036 Fun University: http://www.pulltheplug.org/fu/?q=node/56



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1351 Related Secunia Security Advisories, displaying 10

1. Debian update for postfix

2. Debian update for pdns

3. Debian update for httracker

4. Debian update for opensc

5. Debian update for cupsys

6. Debian update for libxslt

7. Debian update for newsx

8. Debian update for ruby1.9

9. Debian update for python2.5

10. Debian update for icedove

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Opera Multiple Vulnerabilities

2.	Folder Lock Weak Password Encryption Security Issue

3.	vBulletin Private Message Subject Script Insertion

4.	Anzio Web Print Object (WePO) ActiveX Component "mainurl" Buffer Overflow

5.	neon "parse_domain() " Denial of Service Vulnerability

6.	SunShop Shopping Cart class.ajax.php SQL Injection Vulnerabilities

7.	Programs Rating "id" SQL Injection Vulnerability

8.	URL Rotator Script "id" SQL Injection Vulnerability

9.	Short Url & Url Tracker Script "id" SQL Injection Vulnerability

10.	PHP Live Helper Multiple Vulnerabilities