Steve Kemp discovered a buffer overflow in marbles, when processing
the HOME environment variable This vulnerability could be exploited
by a local user to gain gid 'games'
For the current stable distribution (woody) this problem has been fixed
in version 102-1woody1
For the unstable distribution (sid) this problem will be fixed soon
We recomm ...
source: wwwsecurityfocuscom/bid/8710/info
A problem in the handling of data in the Home environment variable has been reported in the marbles program This may make it possible for a local attacker to gain elevated privileges
/* c-marblesc
*
* PoC exploit made for advisory based uppon an local stack based overflow
* Vulnerable ver ...