CVE-2006-1390

Severity

46%

Complexity

39%

Confidentiality

106%

This vulnerability applies only to the following games/versions: 1) NetHack 3.4.3-r1 and previous 2) Falcon's Eye 1.9.4a and previous 3) Slash'EM 0.0.760 and previous

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

This vulnerability applies only to the following games/versions: 1) NetHack 3.4.3-r1 and previous 2) Falcon's Eye 1.9.4a and previous 3) Slash'EM 0.0.760 and previous

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Gentoo Linux

First reported 18 years ago

2006-03-25 00:06:00

Last updated 6 years ago

2018-10-18 16:32:00

Affected Software

Gentoo Linux 1.2

1.2

Gentoo Linux 1.4

1.4

Gentoo Linux 1.4 rc1

1.4

Gentoo Linux 1.4 rc2

1.4

Gentoo Linux 1.4 rc3

1.4

References

http://bugs.gentoo.org/show_bug.cgi?id=122376

Exploit

http://bugs.gentoo.org/show_bug.cgi?id=125902

Exploit

http://bugs.gentoo.org/show_bug.cgi?id=127167

http://bugs.gentoo.org/show_bug.cgi?id=127319

19376

Vendor Advisory

GLSA-200603-23

Patch

24104

20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Localprivilege escalation

20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

17217

gentoo-multiple-games-privilege-escalation(25528)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.