Local privilege escalation in NetHack, Falcon's Eye, and Slash'EM on Gentoo Linux
CVE-2006-1390

Currently unrated

Key Information:

Vendor: Gentoo
Status: Linux
Vendor: CVE Published:; 25 March 2006

What is CVE-2006-1390?

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux presents a security risk. Local users who are part of the games group can exploit buffer overflow vulnerabilities to modify saved game files, leading to the execution of arbitrary code. This weakness also permits attacks through symlink techniques to overwrite critical files, potentially compromising system integrity.

References

http://secunia.com/advisories/19376

third-party-advisoryx_refsource_SECUNIA

http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml

vendor-advisoryx_refsource_GENTOO

http://bugs.gentoo.org/show_bug.cgi?id=125902

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2006
Vulnerability Reserved
Mar 24, 2006