A local overflow exists in Xsok. The program fails to bounds check the "-xsokdir" command line argument resulting in a buffer overflow. With a specially crafted request, an attacker can cause privilege escalation to the games GID resulting in a loss of confidentiality, integrity, and/or availability.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Remove suid or sgid bits for the program.
Vendor URL: http://linux.maruhn.com/sec/xsok.html Vendor Specific Advisory URL Secunia Advisory ID:10513 Related OSVDB ID: 3333 Other Advisory URL: http://www.securiteam.com/exploits/5KP0115BPQ.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0012.html ISS X-Force ID: 14906 Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/att-0012/0x333xsok_2_.c CVE-2004-0074 Bugtraq ID: 9341