[原文]Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd.
tetris-bsd on Gentoo Linux checkscores() Function Local Overflow
Local Access Required
Loss of Integrity
A local overflow exists in tetris-bsd of the port bsd-games on Gentoo Linux. The checkscores() function in scores.c fails to validate a player's name, obtained from the '/var/games/tetris-bsd.scores' file, before it is printed into a buffer using sprintf, resulting in a stack overflow. The same function also reads player level without validation, resulting in an integer overflow. With a specially crafted request, an attacker can execute arbitrary code as a user with the permissions of the games group, resulting in a loss of integrity.
Upgrade to version 2.17-r1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: do not add untrusted users to the "games" group.