Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningCommunity - new!Blog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Falcon's Eye Privilege Escalation Vulnerability
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Falcon's Eye Privilege Escalation Vulnerability
Secunia Advisory: SA9273
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2003-07-15
Popularity: 6,890 views

Critical:
Not critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS:Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid

Software:Falcon's Eye 1.x
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2003-0358
Description:
Debian has reported a vulnerability in Falcon's Eye, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system.

The vulnerability is caused due to a boundary error in the handling of data supplied to the "-s" parameter at the command line. This can be exploited to cause a buffer overflow, which allows exectution of arbitrary code with the privileges of the "games" group.

Solution:
Updated packages:

-- Debian GNU/Linux 3.0 alias woody --

Source archives:

http://security.debian.org/pool/updat...lconseye/falconseye_1.9.3-7woody3.dsc
Size/MD5 checksum: 700 b11f92392768f7513c5d4f113faf113d
http://security.debian.org/pool/updat...seye/falconseye_1.9.3-7woody3.diff.gz
Size/MD5 checksum: 14939 70aeba2469a22234e1d6c659c47e848a
http://security.debian.org/pool/updat...lconseye/falconseye_1.9.3.orig.tar.gz
Size/MD5 checksum: 8237462 1f5a837d76b64bf52cfe0033924fb37e

Architecture independent components:

http://security.debian.org/pool/updat...falconseye-data_1.9.3-7woody3_all.deb
Size/MD5 checksum: 4991316 520ff0f0be13cfa42baa65af97f0b55e

Alpha architecture:

http://security.debian.org/pool/updat...ye/falconseye_1.9.3-7woody3_alpha.deb
Size/MD5 checksum: 1149664 3ff9e27ffa544fd1e5e2e8ddde03e1d5

ARM architecture:

http://security.debian.org/pool/updat...seye/falconseye_1.9.3-7woody3_arm.deb
Size/MD5 checksum: 873900 1d50f9f972b15030de3923f9376a870b

Intel IA-32 architecture:

http://security.debian.org/pool/updat...eye/falconseye_1.9.3-7woody3_i386.deb
Size/MD5 checksum: 774438 f9df67fd1d58100b46aaf348d9678472

Intel IA-64 architecture:

http://security.debian.org/pool/updat...eye/falconseye_1.9.3-7woody3_ia64.deb
Size/MD5 checksum: 1381860 1a7d26c1962f3e222bd162b1d1f48359

HP Precision architecture:

http://security.debian.org/pool/updat...eye/falconseye_1.9.3-7woody3_hppa.deb
Size/MD5 checksum: 1000060 7a106848005c7d98a4f85112dcfe4962

Motorola 680x0 architecture:

http://security.debian.org/pool/updat...eye/falconseye_1.9.3-7woody3_m68k.deb
Size/MD5 checksum: 728580 dfe5e7296df28eebd191debcb081097c

Big endian MIPS architecture:

http://security.debian.org/pool/updat...eye/falconseye_1.9.3-7woody3_mips.deb
Size/MD5 checksum: 935716 15224a235dc364839e9bd41dd86f21f5

Little endian MIPS architecture:

http://security.debian.org/pool/updat...e/falconseye_1.9.3-7woody3_mipsel.deb
Size/MD5 checksum: 936784 c9b192045d43213a567a88eca6775dab

PowerPC architecture:

http://security.debian.org/pool/updat.../falconseye_1.9.3-7woody3_powerpc.deb
Size/MD5 checksum: 881438 6e383fb41473e7433db1c88a05916c94

IBM S/390 architecture:

http://security.debian.org/pool/updat...eye/falconseye_1.9.3-7woody3_s390.deb
Size/MD5 checksum: 854812 aa044dc021a572309b65c7d7ce821dca

Sun Sparc architecture:

http://security.debian.org/pool/updat...ye/falconseye_1.9.3-7woody3_sparc.deb
Size/MD5 checksum: 894254 0aaa7b6c9f8918aab550ea5e4af07a49


-- Debian GNU/Linux unstable alias sid --

Fixed in version 1.9.3-9.

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

2nd Dec, 2008
New advisories: 14
New vulnerabilities: 21
Updated advisories: 26

Less // 402 views
Linksys WRT160N Cross-Site Scripting Vulnerability
Less // 386 views
IBM Rational ClearQuest Multiple Vulnerabilities
Not // 308 views
Debian update for flamethrower
Not // 297 views
flamethrower Insecure Temporary Files
Less // 356 views
IBM Rational ClearCase Cross-Site Scripting Vulnerability
Not // 344 views
DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability
Not // 338 views
Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities
Moderately // 325 views
Rumpus Multiple Vulnerabilities
Less // 345 views
bcoos "cid" SQL Injection Vulnerability
Moderately // 358 views
ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 47 views
2. Zeroboard Multiple Vulnerabilities // 43 views
3. ClamAV "cli_check_jpeg_exploit()" Denial of Service Vulnerability // 33 views
4. IBM Rational ClearQuest Multiple Vulnerabilities // 32 views
5. DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability // 32 views
6. IBM Rational ClearCase Cross-Site Scripting Vulnerability // 30 views
7. Debian update for flamethrower // 30 views
8. Linksys WRT160N Cross-Site Scripting Vulnerability // 28 views
9. ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue // 28 views
10. Rumpus Multiple Vulnerabilities // 28 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008