Gentoo Linux NetHack, Falcon's Eye, and Slash'EM privilege escalation

gentoo-multiple-games-privilege-escalation (25528) Risk level: Medium

Description:

On Gentoo Linux, NetHack and its variants Falcon's Eye and Slash'EM could allow a local attacker with group 'games' privileges to gain elevated privileges on the system. An attacker could exploit multiple buffer overflow vulnerabilities (in the processing of saved-game and high-score files) and insecure file creation issues to execute arbitrary code on the system, or to create and overwrite files with the privileges of other users.

Platforms Affected:

  • Falcon's Eye, Falcon's Eye 1.9.4a and prior
  • Gentoo, Linux
  • Nethack Development Team, NetHack 3.4.3-r1 and prior
  • Slash'EM, Slash'EM 0.0.760 and prior

Remedy:

Refer to GLSA 200603-23 for upgrade or suggested workaround information. See References.

Consequences:

Gain Privileges

References:

  • BID-17217: Gentoo Nethack And Variants Local Privilege Escalation Vulnerability
  • CVE-2006-1390: The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
  • GLSA-200603-23: NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
  • OSVDB-24104: Gentoo Linux Multiple nethack Games High Score Processing Local Overflow
  • SA19376: Gentoo nethack / falconseye / slashem Privilege Escalation

Reported:

Mar 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
