Atari800 Atari800_Initialise() Function Local Overflow

2004-11-27T03:48:24
ID OSVDB:12140
Type osvdb
Reporter Adam Zabrocki (pi3ki31ny@wp.pl)
Modified 2004-11-27T03:48:24

Description

Vulnerability Description

Atari800 contains a local buffer overflow in the "Atari800_Initialise" function. With a specially crafted request, an attacker can get root privileges and execute arbitrary code, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://atari800.sourceforge.net/
Security Tracker: 1012335
Secunia Advisory ID: 13473
Other Advisory URL: http://www.debian.org/security/2004/dsa-609
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1179.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0362.html
CVE-2004-1076