Vulnerability Description
Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joey Hess | Bsdgames | 2.9 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989
- http://secunia.com/advisories/19687PatchVendor Advisory
- http://securityreason.com/securityalert/736
- http://www.debian.org/security/2006/dsa-1036PatchVendor Advisory
- http://www.osvdb.org/24634Patch
- http://www.pulltheplug.org/fu/?q=node/56
- http://www.securityfocus.com/bid/17401
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360989
- http://secunia.com/advisories/19687PatchVendor Advisory
- http://securityreason.com/securityalert/736
- http://www.debian.org/security/2006/dsa-1036PatchVendor Advisory
- http://www.osvdb.org/24634Patch
- http://www.pulltheplug.org/fu/?q=node/56
- http://www.securityfocus.com/bid/17401
FAQ
What is CVE-2006-1744?
CVE-2006-1744 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call.
How severe is CVE-2006-1744?
CVE-2006-1744 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1744?
Check the references section above for vendor advisories and patch information. Affected products include: Joey Hess Bsdgames.