BSD-Games pl_main.c 缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195425 漏洞类型 缓冲区溢出
发布时间 2006-04-06 更新时间 2006-12-07
CVE编号 CVE-2006-1744 CNNVD-ID CNNVD-200604-182
漏洞平台 N/A CVSS评分 4.6
|漏洞来源
https://www.securityfocus.com/bid/17401
https://cxsecurity.com/issue/WLB-2006040064
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-182
|漏洞详情
BSDgames2.17-7之前的版本中的pl_main.c存在缓冲区溢出。这使得本地用户可以借助于在scanf函数调用中使用的长的玩家名称执行任意代码。
|漏洞EXP
--
Debian Security Advisory DSA 1036-1                    security (at) debian (dot) org [email concealed]
http://www.debian.org/security/                                 Steve Kemp
April 17th, 2006                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
--

Package        : bsdgames
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
Debian Bug     : 360989
CVE ID         : CVE-2006-1744

A buffer overflow problem has been discovered in sail, a game contained
in the bsdgames package, a collection of classic textual Unix games, which
could lead to games group privilege escalation.

For the old stable distribution (woody) this problem has been fixed in
version 2.13-7woody0.

For the stable distribution (sarge) this problem has been fixed in
version 2.7.59-7sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.17-7.

We recommend that you upgrade your bsdgames package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0.dsc
      Size/MD5 checksum:      619 0cbc1e14e3f0b4984e8d98985c6d1f6a
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0.diff.gz
      Size/MD5 checksum:    11953 3df403ce4490285f5cd42c2be3b28157
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13.or
ig.tar.gz
      Size/MD5 checksum:  2340094 cf33f61ce1f0c09a7473ac26a4a0a6ec

Alpha architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_alpha.deb
      Size/MD5 checksum:   951546 01c6877b6279474d70038c04769fe10b

ARM architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_arm.deb
      Size/MD5 checksum:   825156 aa85fd9b7d5b1b0686d617f70c986415

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_i386.deb
      Size/MD5 checksum:   792272 0df5fd34239cdaf52e77b51bd964fec1

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_ia64.deb
      Size/MD5 checksum:  1080424 f6c31e672b7fb022957fdf5ffffcc2b3

HP Precision architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_hppa.deb
      Size/MD5 checksum:   902062 ce94b4c1236ff0a547b8787542163a99

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_m68k.deb
      Size/MD5 checksum:   773600 e9e234782008e026f4f9d6fcfcc3663c

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_mips.deb
      Size/MD5 checksum:   886536 90b5e1cb86e8a6af42238312377b0b3e

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_mipsel.deb
      Size/MD5 checksum:   877910 bc782bfdbf7f06c7c0493e8087c0e0c2

PowerPC architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_powerpc.deb
      Size/MD5 checksum:   844230 79740beab215f0bbe9c2db402f618980

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_s390.deb
      Size/MD5 checksum:   831284 668c366d766dfde80fad3db29022f20a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7w
oody0_sparc.deb
      Size/MD5 checksum:   928022 b122af325cfdbc115a4f65ace24acf67

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1.dsc
      Size/MD5 checksum:      640 4f711fd516a61813f1a3365699b5228e
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1.diff.gz
      Size/MD5 checksum:    11320 a83f445ca93fcc857e23774658adf6e0
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17.or
ig.tar.gz
      Size/MD5 checksum:  2563311 238a38a3a017ca9b216fc42bde405639

Alpha architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_alpha.deb
      Size/MD5 checksum:  1174660 5efca9433af26290a847a2038e0ae4e6

AMD64 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_amd64.deb
      Size/MD5 checksum:  1026244 131a5f257d2dd1318e035b24ac0fab2a

ARM architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_arm.deb
      Size/MD5 checksum:   990704 f20c4c664fc79a956e9fb8e1d83fc4dd

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_i386.deb
      Size/MD5 checksum:   963154 521cc98b003db27c2bbf05afba7cea27

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_ia64.deb
      Size/MD5 checksum:  1312824 fb241efb5d1e5fb2d81ac95884e5ce6c

HP Precision architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_hppa.deb
      Size/MD5 checksum:  1090242 358e7b6a7b3e3bd64dcee450a188ca88

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_m68k.deb
      Size/MD5 checksum:   915186 ca87f4cfd2269b14e01e9a5e477ae572

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_mips.deb
      Size/MD5 checksum:  1123552 2760a604b73c3790bc03d822642a57c3

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_mipsel.deb
      Size/MD5 checksum:  1113750 f33c43e795393cce5c4970da3337d85c

PowerPC architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_powerpc.deb
      Size/MD5 checksum:  1050436 3bf8227a181b7884559c7061ea693335

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_s390.deb
      Size/MD5 checksum:  1029590 5ec74d0de424b23f5e2bbc39673e30bb

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1s
arge1_sparc.deb
      Size/MD5 checksum:   998460 11ae88f58a70f60aad5ccbb62e96f211

These files will probably be moved into the stable distribution on
  its next update.

- ------------------------------------------------------------------------
---------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEQ1V4Xm3vHE4uyloRAoA8AJ4s7din/cXclukgbL6lYyjkyqhXaQCgxxdv
3+uOL2eiejdTQYMt/GPamGA=
=cyiV
-----END PGP SIGNATURE-----
|受影响的产品
Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1
|参考资料

来源:OSVDB
名称:24634
链接:http://www.osvdb.org/24634
来源:DEBIAN
名称:DSA-1036
链接:http://www.debian.org/security/2006/dsa-1036
来源:SECUNIA
名称:19687
链接:http://secunia.com/advisories/19687
来源:BID
名称:17401
链接:http://www.securityfocus.com/bid/17401
来源:MISC
链接:http://www.pulltheplug.org/fu/?q=node/56
来源:bugs.debian.org
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989
来源:SREASON
名称:736
链接:http://securityreason.com/securityalert/736