Emilia Pinball plugins privilege escalation
emilia-pinball-plugins-privilege-escalation (27420)
Description:
Emilia Pinball could allow a local attacker to gain elevated privileges on the system, caused by a failure to drop privileges prior to loading a compiled plugin. A local attacker could exploit this vulnerability by creating a specially-crafted compiled plugin which, once loaded by the pinball application, would be executed with 'games' user privileges.
Platforms Affected:
- Debian, Debian Linux 3.1
- Emilia Pinball, Emilia Pinball 0.3.1
Remedy:
Refer to DSA-1102-1 for patch, upgrade or suggested workaround information. See References.
Consequences:
Gain Privileges
References:
- Emilia Pinball Web site, Emilia Pinball at http://pinball.sourceforge.net/.
- CVE-2006-2196: Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.
- DSA-1102: pinball -- design error
- OSVDB ID: 26829: Emilia Pinball Arbitrary Plugin Privilege Escalation
- SA20778: Emilia Pinball Compiled Plugins Loading Vulnerability
- VUPEN/ADV-2006-2535: Emilia Pinball Level Plugins Loading Security Bypass and Privilege Escalation Vulnerability
Reported:
Jun 02, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
