A stack-based buffer overflow flaw was found in the way TORCS, the Open Racing Car Simulator, performed sound initialization. If a local, unsuspecting user was tricked into opening a specially-crafted audio file name via the "engine sample" XML configuration file attribute, it could lead to a 'torcs' executable crash or, potentially, arbitrary code execution with the privileges of the user running torcs.

References:
[1] http://www.openwall.com/lists/oss-security/2012/02/18/2 (OSS mailing post with further details)
[2] http://www.exploit-db.com/exploits/18471/ (MS Windows XP Service Pack 3 exploit)
[3] http://torcs.sourceforge.net/ (upstream page, version v1.3.3 is listed as latest)
This issue affects the versions of the torcs package as shipped with Fedora releases 15 and 16. Please schedule an update.
Created torcs tracking bugs for this issue

Affects: fedora-all [bug 795361]
Fixed in 1.3.3, current version in Fedora is 1.3.7.
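
The defect class described in this report, as an added example that is not TORCS code or the upstream fix: a file name read from a configuration attribute is joined to a directory in a fixed-size stack buffer. The function names, the 256-byte buffer and the `data/sound` paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SAMPLE_PATH_MAX 256   /* assumed size of the on-stack path buffer */

/* Unsafe pattern, shown only for contrast: the attribute length is never
 * checked, so a long value writes past the end of `path`.
 *
 *     char path[SAMPLE_PATH_MAX];
 *     sprintf(path, "%s/%s", sound_dir, sample_attr);
 */

/* Build "<sound_dir>/<sample_attr>" into out[outsz].
 * Returns 0 on success, -1 on a missing/empty argument or if it would not fit. */
int build_sample_path(char *out, size_t outsz,
                      const char *sound_dir, const char *sample_attr)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (sound_dir == NULL || sample_attr == NULL || sample_attr[0] == '\0')
        return -1;
    n = snprintf(out, outsz, "%s/%s", sound_dir, sample_attr);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';        /* never hand a truncated path to the loader */
        return -1;
    }
    return 0;
}

/* Hypothetical caller: use a default sample when the attribute is rejected. */
const char *resolve_engine_sample(char *path, size_t pathsz, const char *attr)
{
    static const char fallback[] = "data/sound/engine-1.wav"; /* constructed */

    return build_sample_path(path, pathsz, "data/sound", attr) == 0
               ? path : fallback;
}

int main(void)
{
    char path[SAMPLE_PATH_MAX], long_attr[1024];

    memset(long_attr, 'A', sizeof long_attr - 1);   /* constructed oversized value */
    long_attr[sizeof long_attr - 1] = '\0';
    printf("%s\n", resolve_engine_sample(path, sizeof path, "v8.wav"));
    printf("%s\n", resolve_engine_sample(path, sizeof path, long_attr));
    return 0;
}
```

Treating truncation as a rejection, rather than opening whatever prefix fits, keeps an oversized attribute from silently resolving to a different file.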