Subject: bin/18507: rogue buffer overflow vulnerability
To: None <>
From: None <>
List: netbsd-bugs
Date: 10/02/2002 09:40:26
>Number:         18507
>Category:       bin
>Synopsis:       rogue buffer overflow vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 02 09:41:00 PDT 2002
>Originator:     Ed Ravin
>Release:        1.6
Public Access Networks
NetBSD 1.6 NetBSD 1.6 (PANIX-USER) #0: Fri Sep 13 20:17:38 EDT 2002 i386
A report on bugtraq and freebsd-security claims that rogue, when invoked by /usr/games/dm with setgid games, can be buffer-overflowed for privilege escalation to group games.

Author of report was

Report had exploit attached.
Author of report claims vulnerable code is in file save.c, function