FreeBSD : rockdodger -- buffer overflows (2b4d5288-447e-11d9-9ebb-000854d03344)

Nessus Plugin ID 18885 (High)


The remote FreeBSD host is missing a security-related update.


The HOME environment variable is copied without regard to buffer size, which can be used to gain elevated privileges if the binary is installed setgid games. In addition, a string is read from the high score file without a bounds check.

The port installs the binary without setgid, but with a world-writable high score file.


Update the affected package.

Plugin Details

Severity: High

ID: 18885

File Name: freebsd_pkg_2b4d5288447e11d99ebb000854d03344.nasl

Version: 1.9

Type: local

Published: 2005/07/13

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rockdodger, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/12/02

Vulnerability Publication Date: 2004/10/29