FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

golddig -- local buffer overflow vulnerabilities

Affected packages
golddig <= 2.0

Details

VuXML ID 949c470e-528f-11d9-ac20-00065be4b5b6
Discovery 2004-11-11
Entry 2005-01-03
Modified 2005-01-19

Two buffer overflow vulnerabilities where detected. Both issues can be used by local users to gain group games privileges on affected systems.

The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution

The second overflow exists in the username processing while writing the players score to disk. Excessivly long usernames, set via the USER environment variable, are stored without any length checks in a memory buffer.

References

CVE Name CVE-2005-0121
Message 200412021055.iB2AtweU067125@repoman.freebsd.org