A buffer overflow vulnerability is reported to exist in LTris that may result in a local attacker obtaining elevated privileges. The flaw is reported to exist due to a lack of sufficient boundary checks performed when reading high-score data from the global LTris high-score file.
LTris versions prior to version 1.0.9 are reported prone to this issue.
-
漏洞利用
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
-
解决方案
The vendor has addressed this vulnerability and fixes are available:
Gentoo has released an advisory (GLSA 200503-24) and an updated eBuild to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"