Hello!
> 1- fscanf vulnerability when reading hi-scores in Nethack (and derivatives)
> 2- the 'games' group can write to the save file location and hi-score location
From the shell? Eeh..
> Consequently: if a user can write to the hi-score location he can write a
> modified file that exploits the fscanf() vuln and have other users playing
> the same game run arbitrary code.
That is quite retorted, yes, but there is a possibility of real-life
exploitation. You have to walk the line (as Mr Cash would have said): if you
publish advisories about problems with too low severity, admins bitch and stop
taking them seriously -- especially the ones who only find extremely big
problems like the remote sendmail attack worthy of their time. If you publish
too few advisories and treat them as bugs, systems are left with
vulnerabilities until the admins upgrade to a new OS, which could take years.
It should also be noted that many Unix machines only have one person using them
(legitimately) these days, so global highscore systems aren't that interesting
unless they are network based. The old days of scruffy students gathering
around the expensive Unix machine and its terminals at the university to play
games are long gone.
// Ulf