Linley's Dungeon Crawl Arbitrary Command Execution

2006-01-20T04:18:28
ID OSVDB:22690
Type osvdb
Reporter Stefan Kemp
Modified 2006-01-20T04:18:28

Description

Vulnerability Description

Dungeon Crawl contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the program executes programs in an insecure manner when saving or loading games, allowing a local user to gain 'games' group privileges. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds issued by the vendor to correct this issue.

Debian users should upgrade using the new packages that have been made available for the 'woody', 'sarge' and 'sid' distributions.

References:

Vendor URL: http://www.dungeoncrawl.org/
Vendor Specific Advisory URL
Secunia Advisory ID: 18545
Secunia Advisory ID: 18573
FrSIRT Advisory: ADV-2006-0303
CVE-2006-0045
Bugtraq ID: 16337