Bug#609096: Buffer overflow in xdigger with long argv[0]
Silvio Cesare
silvio.cesare at gmail.com
Thu Jan 6 05:47:16 UTC 2011
Package: xdigger
Version: 1.0.10-13
Severity: important
Tags: security
There is a buffer overflow in xdigger.
xdigger_1.0.10/xdigger.c
strcpy(progname, argv[0]);
I confirmed execv* with a long argv[0] crashes xdigger.
Some other cases in the sound module with copying and strcating pargv/argv
might be worth looking at also. I have not investigated further. Nor have I
investigated exploitability.
xdigger is SGID games.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20110106/ee21bda9/attachment.htm>
More information about the Pkg-games-devel
mailing list