oss-security December 2011 archive

[oss-security] CVE request: rocksndiamonds world-writable working/config directory

From: Vincent Danen <vdanen_at_nospam>
Date: Mon Dec 12 2011 - 16:24:56 GMT
To: oss-security@lists.openwall.com

rocksndiamonds creates its ~/.rocksndiamonds/ directory as
world-writable. This could allow a local attacker to replace a cache
file with a symbolic link to a file they would not otherwise have access
to, and the next time the victim loaded the game, it would be
overwritten.

Could a CVE be assigned to this please?

References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620
https://bugzilla.redhat.com/show_bug.cgi?id=766805

-- Vincent Danen / Red Hat Security Response Team
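
An added example, not part of the original message and not rocksndiamonds' own code: one way a program can create its per-user directory so that other local users cannot write to it, and open a cache file so that a symbolic link already planted there is not written through. The function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a real directory owned by us with no group/other write
 * bit, 0 if not, -1 if it cannot be examined. */
int dir_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid() &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Create the per-user directory as 0700, or tighten one that already
 * exists with looser permissions. Returns a directory fd, or -1. */
int open_private_dir(const char *path)
{
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: refuse a symlink standing in for the directory. */
    int dfd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    struct stat st;
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        fchmod(dfd, 0700) != 0) {
        close(dfd);
        return -1;
    }
    return dfd;
}

/* Open a file inside the directory for rewriting. With O_NOFOLLOW the
 * open fails (ELOOP on Linux) if the name is a symbolic link, so a link
 * planted before the permissions were fixed is not written through. */
int open_cache_file(int dfd, const char *name)
{
    return openat(dfd, name, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
}
```

Tightening the mode alone does not remove links created while the directory was still writable, which is why the file open also refuses symbolic links.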