Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1390

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-1390
Last Modified 05 Sep 2008 05:01:47
Published 24 Mar 2006 07:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1390

Summary

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

Vulnerable Systems

Operating System

  • Gentoo Linux 0.5

  • Gentoo Linux 0.7

  • Gentoo Linux 1.1a

  • Gentoo Linux 1.2

  • Gentoo Linux 1.4


References

GENTOO - GLSA-200603-23

BID - 17217

SECUNIA - 19376

MISC - http://bugs.gentoo.org/show_bug.cgi?id=127319

MISC - http://bugs.gentoo.org/show_bug.cgi?id=127167

MISC - http://bugs.gentoo.org/show_bug.cgi?id=125902

MISC - http://bugs.gentoo.org/show_bug.cgi?id=122376

XF - gentoo-multiple-games-privilege-escalation(25528)

BUGTRAQ - 20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

BUGTRAQ - 20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Localprivilege escalation

OSVDB - 24104


Last Updated: 27 May 2016 10:42:02