FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xshisen -- local buffer overflows

Affected packages
xshisen < 1.36_1

Details

VuXML ID 56971fa6-641c-11d9-a097-000854d03344
Discovery 2005-01-11
Entry 2005-01-11
Modified 2005-01-19

Steve Kemp has found buffer overflows in the handling of the command line flag -KCONV and the XSHISENLIB environment variable. Ulf Härnhammer has detected an unbounded copy from the GECOS field to a char array. All overflows can be exploited to gain group games privileges.

References

CVE Name CVE-2003-1053
CVE Name CVE-2005-0117
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289784

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.