GLSA-200603-26 : bsd-games: Local privilege escalation in tetris-bsd

high Nessus Plugin ID 21166

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200603-26 (bsd-games: Local privilege escalation in tetris-bsd)

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores() function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to buffer overflows and incompatible with the system used for managing games on Gentoo Linux. As a result, it cannot be played securely on systems with multiple users. Please note that this is probably a Gentoo-specific issue.
Impact :

A local user who is a member of group 'games' may be able to modify the tetris-bsd.scores file to trigger the execution of arbitrary code with the privileges of other players.
Workaround :

Do not add untrusted users to the 'games' group.

Solution

All bsd-games users are advised to update to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=games-misc/bsd-games-2.17-r1'

See Also

https://security.gentoo.org/glsa/200603-26

Plugin Details

Severity: High

ID: 21166

File Name: gentoo_GLSA-200603-26.nasl

Version: 1.15

Type: local

Published: 3/30/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:bsd-games, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 3/29/2006

Vulnerability Publication Date: 3/29/2006

Reference Information

CVE: CVE-2006-1539

GLSA: 200603-26