BSD-Games pl_main.c 缓冲区溢出漏洞

CNNVD-ID编号	CNNVD-200604-182
CVE编号	CVE-2006-1744
发布时间	2006-04-12
更新时间	2006-04-26
漏洞类型	缓冲区溢出
漏洞来源	Discovery is credited to Anibal L. Sacco .
危险等级	中危
威胁类型	本地
厂商	joey_hess

漏洞介绍

BSDgames 2.17-7之前的版本中的pl_main.c存在缓冲区溢出。这使得本地用户可以借助于在scanf函数调用中使用的长的玩家名称执行任意代码。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

bsd-games bsd-games 2.17

Debian bsdgames_2.17-1sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_alpha.deb

Debian bsdgames_2.17-1sarge1_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_amd64.deb

Debian bsdgames_2.17-1sarge1_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_arm.deb

Debian bsdgames_2.17-1sarge1_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_hppa.deb

Debian bsdgames_2.17-1sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_i386.deb

Debian bsdgames_2.17-1sarge1_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_ia64.deb

Debian bsdgames_2.17-1sarge1_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_m68k.deb

Debian bsdgames_2.17-1sarge1_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_mips.deb

Debian bsdgames_2.17-1sarge1_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_mipsel.deb

Debian bsdgames_2.17-1sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_powerpc.deb

Debian bsdgames_2.17-1sarge1_s390.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_s390.deb

Debian bsdgames_2.17-1sarge1_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17- 1sarge1_sparc.deb

bsd-games bsd-games 2.13

Debian bsdgames_2.13-7woody0_alpha.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_alpha.deb

Debian bsdgames_2.13-7woody0_arm.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_arm.deb

Debian bsdgames_2.13-7woody0_hppa.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_hppa.deb

Debian bsdgames_2.13-7woody0_i386.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_i386.deb

Debian bsdgames_2.13-7woody0_ia64.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_ia64.deb

Debian bsdgames_2.13-7woody0_m68k.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_m68k.deb

Debian bsdgames_2.13-7woody0_mips.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_mips.deb

Debian bsdgames_2.13-7woody0_mipsel.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_mipsel.deb

Debian bsdgames_2.13-7woody0_powerpc.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_powerpc.deb

Debian bsdgames_2.13-7woody0_s390.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_s390.deb

Debian bsdgames_2.13-7woody0_sparc.deb

Debian GNU/Linux 3.0 alias woody

http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13- 7woody0_sparc.deb

参考网址

来源: OSVDB

名称: 24634

链接：http://www.osvdb.org/24634
来源: DEBIAN

名称: DSA-1036

链接：http://www.debian.org/security/2006/dsa-1036
来源: SECUNIA

名称: 19687

链接：http://secunia.com/advisories/19687
来源: BID

名称: 17401

链接：http://www.securityfocus.com/bid/17401
来源: MISC

链接：http://www.pulltheplug.org/fu/?q=node/56
来源: bugs.debian.org

链接：http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-182

行业资讯-文章归档问答-问答归档