[Secure-testing-team] Bug#651620: ~/.rocksndiamonds/ is world-writable

Jakub Wilk jwilk at debian.org
Sat Dec 10 16:12:05 UTC 2011


Package: rocksndiamonds
Version: 3.3.0.1+dfsg1-1
Severity: grave
Tags: security
Justification: user security hole

The ~/.rocksndiamonds directory and its subdirectories are created as 
writable to anybody. This allows an attacker to overwrite arbitrary 
files by doing this:
1) Delete the /home/victim/.rocksndiamonds/cache/artworkinfo.cache file.
2) Create new /home/victim/.rocksndiamonds/cache/artworkinfo.cache as a 
symlink to a file you want to overwrite.
3) Wait until the victim runs the game.

-- 
Jakub Wilk





More information about the Secure-testing-team mailing list