• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ClanLib Environment Variable Overflow Vulnerability

ClanLib is a cross platform game development library. It includes many common low level functions related to graphics, sound and resource management. It has been released for several Linux distributions, as well as Microsoft Windows.

A vulnerability exists in ClanLib's handling of extremely long environment variables. Under some circumstances, an overflow condition will occur, resulting in the instruction pointer being corrupted. Execution of arbitrary code as user or group 'games' may be possible on some systems.

Other versions of ClanLib may share this vulnerability. Further technical details are not available at this time.