[Secure-testing-team] Bug#651620: ~/.rocksndiamonds/ is world-writable
Jakub Wilk
jwilk at debian.org
Sat Dec 10 16:12:05 UTC 2011
Package: rocksndiamonds
Version: 3.3.0.1+dfsg1-1
Severity: grave
Tags: security
Justification: user security hole
The ~/.rocksndiamonds directory and its subdirectories are created as
writable to anybody. This allows an attacker to overwrite arbitrary
files by doing this:
1) Delete the /home/victim/.rocksndiamonds/cache/artworkinfo.cache file.
2) Create new /home/victim/.rocksndiamonds/cache/artworkinfo.cache as a
symlink to a file you want to overwrite.
3) Wait until the victim runs the game.
--
Jakub Wilk
More information about the Secure-testing-team
mailing list