From owner-freebsd-security@FreeBSD.ORG Sun Oct 16 08:22:15 2005 Return-Path: <owner-freebsd-security@FreeBSD.ORG> X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D377316A41F for <freebsd-security@freebsd.org>; Sun, 16 Oct 2005 08:22:15 +0000 (GMT) (envelope-from smajor@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DA8143D48 for <freebsd-security@freebsd.org>; Sun, 16 Oct 2005 08:22:15 +0000 (GMT) (envelope-from smajor@gmail.com) Received: by zproxy.gmail.com with SMTP id 8so694410nzo for <freebsd-security@freebsd.org>; Sun, 16 Oct 2005 01:22:14 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:to:cc:subject:date:mime-version:content-type:content-transfer-encoding:x-mailer:in-reply-to:x-mimeole:thread-index:from:message-id; b=jxvxLAqUXfWs0rqc3Wudfwtq/lFvcFSDghuDj4IYxQ4WKME3luySEm/EBUTbML04fFHg/qBikFi4UYQjmk/DLKRP8oA/KEterRKcWZ7YquO1F5+amavG4bRLqqF3ABeROZUtHRoPeHGTb+/2qfBIkXOqFNuqtS4/uNwsNKJRel0= Received: by 10.37.15.26 with SMTP id s26mr970705nzi; Sun, 16 Oct 2005 01:22:14 -0700 (PDT) Received: from p3 ( [67.160.7.98]) by mx.gmail.com with ESMTP id 37sm884953nzf.2005.10.16.01.22.13; Sun, 16 Oct 2005 01:22:14 -0700 (PDT) To: "'Mathieu Arnold'" <mat@mat.cc>, "'Kris Kennaway'" <kris@obsecurity.org> Date: Sun, 16 Oct 2005 01:21:13 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook, Build 11.0.6353 In-Reply-To: <4FB7164D6E6041F49E3BEE97@cc-126-240.int.t-online.fr> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 Thread-Index: AcXSKcMu3XpBNGeqRLmjV49KVsw5SAAAG6fQ From: Stephen Major <smajor@gmail.com> Message-ID: <43520db6.74a03918.7133.ffffc4ec@mx.gmail.com> Cc: freebsd-security@freebsd.org Subject: RE: GID Games Exploits X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" <freebsd-security.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security> List-Post: <mailto:freebsd-security@freebsd.org> List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, <mailto:freebsd-security-request@freebsd.org?subject=subscribe> X-List-Received-Date: Sun, 16 Oct 2005 08:22:15 -0000 Heh, was not familiar with it. I heard there were underground exploits, = I had no idea of the severity so I posted it here to hear feedback, so as = long as there is nothing to worry about cool. -----Original Message----- From: Mathieu Arnold [mailto:mat@mat.cc]=20 Sent: Sunday, October 16, 2005 1:15 AM To: Kris Kennaway; Stephen Major Cc: freebsd-security@freebsd.org Subject: Re: GID Games Exploits +-le 16/10/2005 00:47 -0400, Kris Kennaway =E9crivait : | On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote: |> It has come to my attention that there are quite a few local exploits |> circling around in the private sector for GID Games. |>=20 |> =20 |>=20 |> Several of the games have vanilla stack overflows in them which can = lead to |> elevation of privileges if successfully exploited. |=20 | Big deal..that's why they're setgid games (which can only write to | game data files) and not setuid anything important :-) It means that I can change my own score to something better, that's very important :-) --=20 Mathieu Arnold