CVE-2004-0158

Current Description

Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c.

Basic Data

PublishedMarch 29, 2004
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.6
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLgamesLbreakout22.0*******
    2.3ApplicationLgamesLbreakout22.0.1*******
    2.3ApplicationLgamesLbreakout22.1*******
    2.3ApplicationLgamesLbreakout22.1.1*******
    2.3ApplicationLgamesLbreakout22.1.2*******
    2.3ApplicationLgamesLbreakout22.2*******
    2.3ApplicationLgamesLbreakout22.2.1*******
    2.3ApplicationLgamesLbreakout22.2.2*******

Vulnerable Software List

VendorProductVersions
Lgames Lbreakout2 2.0, 2.0.1, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.1, 2.2.2

References

NameSourceURLTags
20040222 lbreakout2 < 2.4beta-2 local exploithttp://marc.info/?l=bugtraq&m=107755821705356&w=2BUGTRAQ
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gzhttp://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gzCONFIRM
DSA-445http://www.debian.org/security/2004/dsa-445DEBIANPATCH Vendor Advisory
9712http://www.securityfocus.com/bid/9712BIDExploit PATCH Vendor Advisory
breakout2-home-bo(15229)https://exchange.xforce.ibmcloud.com/vulnerabilities/15229XF