GTetrinet: Remote code execution — GLSA 200609-02

GTetrinet is vulnerable to a remote buffer overflow, potentially leading to arbitrary code execution.

Affected Packages

games-puzzle/gtetrinet on all architectures
Affected versions < 0.7.10
Unaffected versions >= 0.7.10

Background

GTetrinet is a networked Tetris clone for GNOME 2.

Description

Michael Gehring has found that GTetrinet fails to properly handle array indexes.

Impact

An attacker can potentially execute arbitrary code by sending a negative number of players to the server.

Workaround

There is no known workaround at this time.

Resolution

All GTetrinet users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-puzzle/gtetrinet-0.7.10"

References

Release Date
September 06, 2006

Latest Revision
September 07, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries