Info

Disclosure

Aug 30, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

GTetrinet contains multiple flaws related to out-of-bounds array indexing that may allow an attacker to execute arbitrary code. The flaw exists in tetrinet.c, where a remote attacker may specify a negative number of players, which is used as an array index.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.7.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Jordi Mallach

GTetrinet

0.7.8

References

CVE ID: 2006-3125 (see also: NVD)
Secunia Advisory ID: 21691 21704 21749 21800
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0001.html
http://www.gentoo.org/security/en/glsa/glsa-200609-02.xml
Vendor Specific Advisory URL: http://www.us.debian.org/security/2006/dsa-1163

Credit

Michael Gehring -

Direct URL: http://osvdb.org/28269