[ GLSA 200503-24 ] LTris: Buffer overflow

GLSA · Last edited by GLSA on Sun May 07, 2006 4:55 pm; edited 1 time in total

Gentoo Linux Security Advisory

Title: LTris: Buffer overflow (GLSA 200503-24)
Severity: normal
Exploitable: local
Date: March 20, 2005
Bug(s): #85770
ID: 200503-24

Synopsis

LTris is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

Background

LTris is a Tetris clone.

Affected Packages

Package: games-puzzle/ltris
Vulnerable: < 1.0.10
Unaffected: >= 1.0.10
Architectures: All supported architectures

Description

LTris is vulnerable to a buffer overflow when reading the global highscores file.

Impact

By modifying the global highscores file a malicious user could trick another user to execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All LTris users should upgrade to the latest version: