Xmame multiple parameters buffer overflow
| xmame-multiple-parameters-bo (24102) |  High Risk |
Description:
Xmame is vulnerable to a buffer overflow, caused by improper bounds checking of multiple user-supplied parameters. By sending supplying an overly long -lang, -ctrlr, -pb, or -rec parameter, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Platforms Affected:
- Lawrence Gold, Xmame
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, Tue Jan 31 2006 - 14:07:12 CST, Xmame 0.102 local vulnerability proof-of-concept at http://archives.neohapsis.com/archives/bugtraq/2006-01/0516.html.
- Full-Disclosure Mailing List, Tue Jan 10 2006 - 23:40:00 CST, mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation. at http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0379.html.
- Xmame Web site, Xmame/xmess Homepage at http://x.mame.net/.
- BID-16203: XMame Multiple Local Command Line Argument Buffer Overflow Vulnerabilities
- CVE-2006-0176: Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.
Reported:
Jan 10, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net