LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: August 25th, 2014
Linux Advisory Watch: August 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New pinball packages fix privilege escalation Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1102-1                    security@debian.org
http://www.debian.org/security/                                 Steve Kemp
June 26th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pinball
Vulnerability  : design error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-2196

Steve Kemp from the Debian Security Audit project discovered that
pinball, a pinball simulator, can be tricked into loading level
plugins from user-controlled directories without dropping privileges.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in
version 0.3.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.3.1-6.

We recommend that you upgrade your pinball package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.dsc
      Size/MD5 checksum:      811 17ac5604e5bb7e13b938d84012c6ea7c
    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.diff.gz
      Size/MD5 checksum:   320626 5473ae87027018899b08f12c34ddd538
    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1.orig.tar.gz
      Size/MD5 checksum:  6082982 f28e8f49e0db8e9491e4d9f0c13c36c6

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/pinball/pinball-data_0.3.1-3sarge1_all.deb
      Size/MD5 checksum:  5542524 c586ed47103f89443cf32f57984ac95c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_alpha.deb
      Size/MD5 checksum:   189898 6168d325d265c72da1007aaa83c7b9bd
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_alpha.deb
      Size/MD5 checksum:   325654 caeae82e416a40ad943ff38ce8c5eb98

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_amd64.deb
      Size/MD5 checksum:   167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_amd64.deb
      Size/MD5 checksum:   242432 36c44eed9de2d48089e7c396e270c98e

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_arm.deb
      Size/MD5 checksum:   193056 52d5e3fb06e529326ae361f739915169
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_arm.deb
      Size/MD5 checksum:   294198 4bc5b7e9d5b1cc0f0b90f91290cf0999

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_i386.deb
      Size/MD5 checksum:   159576 b7fcaf42621d2c356de66c90ea19fab0
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_i386.deb
      Size/MD5 checksum:   219780 7a4877a175b976ca20d25040e0fcab11

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_ia64.deb
      Size/MD5 checksum:   221146 717fb85a21f4bd4a535200a7420e16b9
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_ia64.deb
      Size/MD5 checksum:   315856 a9a8496a1d029a0d64afb00b0c5fd116

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_hppa.deb
      Size/MD5 checksum:   191708 e97c652fb430dbaeb5d367f196ea1ba0
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_hppa.deb
      Size/MD5 checksum:   300260 606404a0da99b9884229bee10849413e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_m68k.deb
      Size/MD5 checksum:   160442 1ff1dd9d285de6e7300f8e7eb027c766
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_m68k.deb
      Size/MD5 checksum:   223038 a7a4a5a997a05cf929b45529cd81942f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mips.deb
      Size/MD5 checksum:   166400 05f3ea274037ffb1a2b76fa5a802ff87
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_mips.deb
      Size/MD5 checksum:   263344 ab1b99a12b3be3151f84e94a6073b27f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mipsel.deb
      Size/MD5 checksum:   165114 5275bf21b63a2a2c30148d7a7a3aface
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_mipsel.deb
      Size/MD5 checksum:   263394 f287e3ee0a11745580f175585112632b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_powerpc.deb
      Size/MD5 checksum:   170788 bb51f1dc4d1f9a5cd7b244111b61bb42
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_powerpc.deb
      Size/MD5 checksum:   245192 d390d54045f7ac70bf63164ba672a4d0

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_s390.deb
      Size/MD5 checksum:   152218 873670da1cc02dbe495c7254d4c5e316
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_s390.deb
      Size/MD5 checksum:   214592 074ea5085ed5c727b9e4fcf9ce0574c2

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_sparc.deb
      Size/MD5 checksum:   159116 43ba78279f91e1da5268c71af524b3ab
    http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_sparc.deb
      Size/MD5 checksum:   233376 ec2531c5979bc0e6df6ec5f34d4d7d48


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mozilla reports user data leak from Bugzilla project
These 3-D Printed Skeleton Keys Can Pick High-Security Locks in Seconds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.