[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary
From:       William T Wilson <fluffy () DUNADAN ! COM>
Date:       1998-02-25 19:52:15
[Download RAW message or body]

On Wed, 25 Feb 1998 kevingeo@CRUZIO.COM wrote:

> Vulnerable:
> Everyone who followed the installation instructions and made Quake2 setuid
> root.

To the best of my knowledge, Quake2 suffers from the same bug that squake
suffers from.  You can use the -gamedir option (or its quake 2 equivalent)
to make squake cough up a root shell using a standard buffer overflow
exploit.  I don't believe Zoid altered this for quake 2.  I don't think he
cares about security at all.

I wouldn't install anything of Zoid's setuid root without making it
group-owned by a trusted group and mode 4750.

This new exploit of yours even allows you to do evil things with Zoidware
even if it is installed with a wrapper.  :\  (Unless you want to make your
wrapper check all the file permissions too)

[prev in list] [next in list] [prev in thread] [next in thread]