LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for March 18, 2010

Applications and bundled libraries

A critical look at sysfs attribute values

LWN.net Weekly Edition for March 11, 2010

Open source and the Morevna project

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

netris: buffer overflow

Package(s):netris CVE #(s):CAN-2003-0685
Created:August 18, 2003 Updated:October 1, 2003
Description: Shaun Colley discovered a buffer overflow vulnerability in netris, a network version of a popular puzzle game. A netris client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking. This vulnerability could be exploited to gain the priviliges of the user running netris in client mode, if they connect to a hostile netris server.

CAN-2003-0685

Alerts:
Debian DSA-372-1 2003-08-16
(Log in to post comments)

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds