Ulf Härnhammar discovered an exploitable vulnerability in
lbreakout2’s environmental variable handling. In several
instances, the contents of the HOME environmental variable
are copied to a stack or global buffer without range
checking. A local attacker may use this vulnerability to
acquire group-ID `games’ privileges.
An exploit for this vulnerability has been published by
``Li0n7 voila fr’'.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | lbreakout2 | <= 2.2.2_1 | UNKNOWN |