Title: Abuse Multiple Local Privilege Escalation Vulnerabilities
Severity: HIGH
Description:
Abuse is a popular side-scrolling video game. It is available for Linux and Unix operating systems. Abuse-SDL is a port of Abuse that allows for greater color depth.
Abuse is reported prone to multiple vulnerabilities. The following individual issues are reported:
Abuse is reported prone to multiple local buffer overflow vulnerabilities that occur while handling command line arguments. Details regarding these issues are not available at the time of writing.
It is reported that a local attacker may exploit these issues to execute arbitrary code with superuser privileges as the affected binary is installed with the setuid root bit set.
Abuse is also reported prone to an insecure file creation vulnerability. It is reported that certain unspecified files are created without dropping privileges first; reports indicate that this issue may be leveraged to overwrite arbitrary files with superuser privileges.
This BID will be updated as soon as further information is available.
Affected Products:
- Abuse Abuse 2.0.0
- Debian Linux 3.0.0 alpha
- Debian Linux 3.0.0 arm
- Debian Linux 3.0.0 hppa
- Debian Linux 3.0.0 ia-32
- Debian Linux 3.0.0 ia-64
- Debian Linux 3.0.0 m68k
- Debian Linux 3.0.0 mips
- Debian Linux 3.0.0 mipsel
- Debian Linux 3.0.0 ppc
- Debian Linux 3.0.0 s/390
- Debian Linux 3.0.0 sparc
References:
- Abuse-SDL: Abuse-SDL
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
