Koules Svgalib Buffer Overflow Vulnerability

Koules is an original, arcade-style game authored by Jan Hubicka. The version using svgalib is usually installed setuid root so that it may access video hardware when being run at the console by regular users. This version contains a buffer overflow vulnerability that may allow a user to gain higher priviledges. The vulnerability exists in handling of user-supplied commandline arguments.

Successful exploitation of this vulnerability leads to root compromise. Debian has announced they are not vulnerable to this problem.


 

Privacy Statement
Copyright 2010, SecurityFocus