From owner-freebsd-security@FreeBSD.ORG Sun Oct 16 08:15:26 2005
Date: Sun, 16 Oct 2005 10:15:23 +0200
From: Mathieu Arnold
To: Kris Kennaway, Stephen Major
Cc: freebsd-security@freebsd.org
Subject: Re: GID Games Exploits
Message-ID: <4FB7164D6E6041F49E3BEE97@cc-126-240.int.t-online.fr>
In-Reply-To: <20051016044712.GA27867@xor.obsecurity.org>
References: <4351d9bd.6245f154.4f04.ffffb6ef@mx.gmail.com> <20051016044712.GA27867@xor.obsecurity.org>

+-On 16/10/2005 00:47 -0400, Kris Kennaway wrote:
| On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote:
|> It has come to my attention that there are quite a few local exploits
|> circling around in the private sector for GID Games.
|>
|> Several of the games have vanilla stack overflows in them which can lead to
|> elevation of privileges if successfully exploited.
|
| Big deal..that's why they're setgid games (which can only write to
| game data files) and not setuid anything important :-)

It means that I can change my own score to something better, that's very
important :-)

-- 
Mathieu Arnold