This exploit demonstrates a local buffer overflow in 4digits-text 1.1.4, where an overly long HOME environment variable triggers a segmentation fault during the save_score() function, potentially allowing privilege escalation if the binary is setuid/setgid.
Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target:4digits-text 1.1.4
No auth needed
Prerequisites:4digits-text binary must be setuid/setgid · Attacker must win the game to trigger save_score()