Synopsis :

The remote Debian host is missing a security-related update.

Description :

Several vulnerabilities have been discovered in abuse, the SDL port of
the Abuse action game. The Common Vulnerabilities and Exposures
project identifies the following problems :

- CAN-2005-0098
Erik Sjölund discovered several buffer overflows in the
command line handling, which could lead to the execution
of arbitrary code with elevated privileges since it is
installed setuid root.

- CAN-2005-0099

Steve Kemp discovered that abuse creates some files
without dropping privileges first, which may lead to the
creation and overwriting of arbitrary files.

See also :

http://www.debian.org/security/2005/dsa-691

Solution :

Upgrade the abuse package.

For the stable distribution (woody) these problems have been fixed in
version 2.00+-3woody4.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)