FreeBSD : rockdodger -- buffer overflows (2b4d5288-447e-11d9-9ebb-000854d03344)
High Nessus Plugin ID 18885
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The environment variable HOME is copied without regard to buffer size, which can be used to gain elevated privileges if the binary is installed setgid games. In addition, a string is read from the high score file without a bounds check.
The port installs the binary without setgid, but with a world-writable high score file.
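The two flaws described above have well-known bounded counterparts. The following is an added illustration, not rockdodger's code or its patch: the buffer sizes, the `.gamerc` file name, the "name score" record format and both function names are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_CAP 64  /* assumed buffer sizes, chosen for illustration */
#define NAME_CAP 16

/* Build "<home>/.gamerc" (placeholder file name) into out[cap].
 * Replaces the unsafe pattern strcpy(out, getenv("HOME")). */
int build_config_path(const char *home, char *out, size_t cap)
{
    if (home == NULL || cap == 0)
        return -1;
    int n = snprintf(out, cap, "%s/.gamerc", home);
    if (n < 0 || (size_t)n >= cap)
        return -1;  /* would truncate: caller must not use out */
    return 0;
}

/* Parse one "name score" record (constructed format) from the score file.
 * The file is world-writable, so every field is untrusted input. */
int parse_score_line(const char *line, char *name, size_t cap, long *score)
{
    size_t len = strcspn(line, " \t\r\n");  /* length of the name field */
    if (len == 0 || len >= cap)
        return -1;                          /* empty, or too long for name[] */
    char *end;
    errno = 0;
    long v = strtol(line + len, &end, 10);
    if (end == line + len || errno == ERANGE || v < 0 ||
        (*end != '\0' && *end != '\n'))
        return -1;                          /* no digits, overflow, or junk */
    memcpy(name, line, len);                /* len < cap was checked above */
    name[len] = '\0';
    *score = v;
    return 0;
}

int main(void)
{
    char path[PATH_CAP], name[NAME_CAP];
    long score = 0;
    if (build_config_path(getenv("HOME"), path, sizeof path) == 0)
        puts(path);
    if (parse_score_line("alice 4200\n", name, sizeof name, &score) == 0)
        printf("%s %ld\n", name, score);
    return 0;
}
```

Both helpers reject oversized input instead of truncating it, so a hostile HOME value or score record produces an error return rather than a write past the end of the buffer.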
Solution
Update the affected package.