VULHUB ™

Affected versions of Dopewars allow users to specify high score files. In the case that Dopewars is installed setuid/setgid, this may allow a local attacker to disclose the contents of files which are readable by the owner/group of the Dopewars binary. Additionally, an attacker may exploit this to overwrite files which are writeable by the owner/group of the Dopewars binary.

Affected versions of Dopewars allow users to specify high score files. In the case that Dopewars is installed setuid/setgid, this may allow a local attacker to disclose the contents of files which are readable by the owner/group of the Dopewars binary. Additionally, an attacker may exploit this to overwrite files which are writeable by the owner/group of the Dopewars binary.