CVE-2003-1446

Name of the Vulnerable Software and Affected Versions Rogue version 5.2-2

Description The issue is related to a buffer overflow in the save into file function, located in the save.c file. This allows local users to execute arbitrary code with games group privileges. The exploitation is possible by setting a long HOME environment variable and invoking the save game function with a ~ (tilde).

Recommendations For Rogue version 5.2-2, consider restricting access to the save into file function in save.c until a patch is available. As a temporary workaround, avoid using the save game function with a ~ (tilde) when the HOME environment variable is set to a long value.