Package: xgalaga
Version: 2.0.34-30
Severity: important
Tags: security

xgalaga is sgid and reads/writes from ~/.xgalscores. This is a potentially dangerous combination and I've found one potential security hole in it.

The code tries to be fairly safe, and it does not seem vulnerable to symlink attacks with ~/.xgalscores since it does a setgid(getegid) before writing to the file and then setgids back afterwards. However, the code to read the ~/.xgalscores runs as gid games and contains bugs that allow xgalaga to segfault on certain files. I've attached one such file, which makes xgalaga crash so bad it corrupts its stack and I can't see in gdb what the actual issue is. At a guess, buffer overrun. So there is the possibility of running shellcode as gid games here.

-- 
see shy jo
No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date No name , 0, 0,No date joey , 37101, 15,Fri Jan 31 10:21:35 2003

