Thread: NetBSD Security Advisory 2006-018: sail(6), dm(8) and tetris(6) buffer overflows




2006-08-10 20:27:22


		 NetBSD Security Advisory 2006-018
		 =================================

Topic:		sail(6), dm(8) and tetris(6) buffer overflows

Version:	NetBSD-current:	source prior to June 01, 2006
		NetBSD 3.0:	affected
		NetBSD 2.1:	affected
		NetBSD 2.0.*:	affected
		NetBSD 2.0:	affected

Severity:	Local privilege escalation

Fixed:		NetBSD-current:		June 01, 2006
		NetBSD-3-0 branch:	June 08, 2006
					   (3.0.1 includes the fix)
		NetBSD-3   branch:	June 08, 2006
		NetBSD-2-1 branch:	June 08, 2006
					   (2.1.1 will include the fix)
		NetBSD-2-0 branch:	June 08, 2006
					   (2.0.4 will include the fix)
		NetBSD-2   branch:	June 08, 2006


Abstract
========

The sail, dungeon master arbiter and tetris games all contain buffer
overflows.  These programs are installed sgid games, and when
successfully exploited the vulnerabilities may allow an attacker to
elevate their privileges to the games group.

The sail vulnerability has been assigned CVE reference CVE-2006-1744.
The tetris vulnerability has been assigned CVE reference CVE-2006-1539.

Technical Details
=================

* When processing user supplied input, sail and dm do not check the
  length of the string supplied by the user before storing it.
* When storing user supplied input, tetris does not check the length
  of the string before storing it.
* When reading in the tetris scores file the data is not validated
  before it is stored.

Solutions and Workarounds
=========================

The following instructions describe how to upgrade your games binaries
by updating your source tree and rebuilding and installing a new
version of dm, sail and tetris.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2006-06-01
	should be upgraded to NetBSD-current dated 2006-06-02 or later.

	The following files need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		games/dm/dm.c
		games/sail/pl_main.c
		games/tetris/scores.c

	To update from CVS, re-build, and re-install dm, sail and tetris:

		# cd src
		# cvs update -d -P games/dm/dm.c
		# cvs update -d -P games/sail/pl_main.c
		# cvs update -d -P games/tetris/scores.c
		# cd games/dm
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../sail
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../tetris
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install


* NetBSD 3.*:

	Systems running NetBSD 3.* sources dated from before
	2006-06-08 should be upgraded from NetBSD 3.* sources dated
	2006-06-09 or later.

	The following files need to be updated from the
	netbsd-3 or netbsd-3-0 CVS branch:
		games/dm/dm.c
		games/sail/pl_main.c
		games/tetris/scores.c

	To update from CVS, re-build, and re-install dm, sail and tetris:

		# cd src
		# cvs update -d -P -r <branch_name> games/dm/dm.c
		# cvs update -d -P -r <branch_name> games/sail/pl_main.c
		# cvs update -d -P -r <branch_name> games/tetris/scores.c
		# cd games/dm
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../sail
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../tetris
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install

* NetBSD 2.*:

	Systems running NetBSD 2.* sources dated from before
	2006-06-08 should be upgraded from NetBSD 2.* sources dated
	2006-06-09 or later.

	The following files need to be updated from the
	netbsd-2, netbsd-2-0 or netbsd-2-1 CVS branch:
		games/dm/dm.c
		games/sail/pl_main.c
		games/tetris/scores.c

	To update from CVS, re-build, and re-install dm, sail and tetris:

		# cd src
		# cvs update -d -P -r <branch_name> games/dm/dm.c
		# cvs update -d -P -r <branch_name> games/sail/pl_main.c
		# cvs update -d -P -r <branch_name> games/tetris/scores.c
		# cd games/dm
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../sail
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../tetris
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install


Thanks To
=========

Maximillian Dornseif for notification of the dm issue.
Anibal Sacco is credited with the discovery of the sail issue.
Tavis Ormandy is credited with the discovery of the tetris issues.

Revision History
================

	2006-08-10	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
  ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-018.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.


Copyright 2006, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2006-018.txt,v 1.8 2006/08/10 18:07:38 adrianp Exp $

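
The two kinds of check that the Technical Details section reports as missing, a length check before storing user input and validation of records read from a scores file, are sketched below as an added example; it is not part of the advisory and is not the code from dm.c, pl_main.c or scores.c. The record layout, NAME_LEN, MAX_LEVEL and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NAME_LEN  20   /* assumed field size, including the NUL */
#define MAX_LEVEL 9    /* assumed upper bound for a level */

/* Hypothetical on-disk record; not the layout tetris uses. */
struct score_rec {
    char    name[NAME_LEN];
    int32_t score;
    int32_t level;
};

/* Store user input in a fixed buffer; reject (do not truncate) input
 * that does not fit. Returns 0 on success, -1 on rejection. */
int store_input(char *dst, size_t dstsz, const char *src)
{
    const char *nul;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    nul = memchr(src, '\0', dstsz);   /* look at no more than dstsz bytes */
    if (nul == NULL)                  /* no room for the terminator */
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Check one record from an untrusted scores file before it is used. */
int score_rec_valid(const struct score_rec *r)
{
    if (memchr(r->name, '\0', sizeof r->name) == NULL)
        return 0;                     /* name not terminated in its field */
    return r->score >= 0 && r->level >= 0 && r->level <= MAX_LEVEL;
}

/* Copy valid records out of a raw file image; returns how many were kept. */
size_t load_scores(const unsigned char *buf, size_t len,
                   struct score_rec *out, size_t max)
{
    size_t kept = 0, off;

    for (off = 0; kept < max && off + sizeof *out <= len; off += sizeof *out) {
        memcpy(&out[kept], buf + off, sizeof *out);
        if (score_rec_valid(&out[kept]))
            kept++;
    }
    return kept;
}
```
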