diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2004-08-16 22:38:28 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2004-08-16 22:38:28 +0000 |
| commit | 9bfaf9c524d4a278d024ff8dd9f432304aa047d3 (patch) | |
| tree | 7ac221e57b5b8c7c9a86b1f35022dcd9bb7b1204 /security | |
| parent | 0e3cd31102d9169dae48308fed949f3dba925dfc (diff) | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2c35e28c306a..7f0b9abc092d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,36 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6fd9a1e9-efd3-11d8-9837-000c41e2cdad"> + <topic>xonix -- failure to drop privileges</topic> + <affects> + <package> + <name>xonix</name> + <range><lt>1.4_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Debian security advisory reports:</p> + <blockquote cite="http://www.debian.org/security/2004/dsa-484"> + <p>Steve Kemp discovered a vulnerability in xonix, a game, + where an external program was invoked while retaining setgid + privileges. A local attacker could exploit this vulnerability + to gain gid "games".</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2004-0157</cvename> + <url>http://www.debian.org/security/2004/dsa-484</url> + <bid>10149</bid> + </references> + <dates> + <discovery>2004-04-14</discovery> + <entry>2004-08-16</entry> + </dates> + </vuln> + <vuln vid="65a17a3f-ed6e-11d8-aff1-00061bc2ad93"> <topic>Arbitrary code execution via a format string vulnerability</topic> <affects> |