Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /tmp event logger

From: bst () INAME COM (bst () INAME COM)
Date: Mon, 16 Mar 1998 10:18:24 -0400

More buggy soft (check your systems):

* Conquest Game (Multi-player, curses based, space warfare game.)
               ftp://sunsite.unc.edu/pub/Linux/games/strategy/
               (the location has been changed, check it)

The program is installed [2771] gid = conquest.

There are so many potential overflow conditions in the code, here is one as an
example:

        char conf_name[256];
        char *homevar;
                ...
        if ((homevar = getenv("HOME")) == NULL)
         {
           clog("GetConf(): getenv(HOME) failed");
           fprintf(stderr, "Can't get HOME environment variable. Exiting\n");
           return(ERR);
         }

        sprintf(conf_name, "%s/%s", homevar, CONFIG_FILE);


* LinCity Game (LinCity is an SVGALIB and X based city/country simulation game
                for Linux, Solaris 2.5, FreeBSD, HP_UX, AIX and IRIX are ALPHA
                at this time, but have. been reported to work - sometimes
                needing a tweak to the Makefile[s].)
                ftp://sunsite.unc.edu/pub/Linux/games/strategy

ZzZZz:

        char s[100];
                ...
        strcpy(s,getenv("HOME"));


Good luck!
Previous By Date Next
Previous By Thread Next

Current thread: