CVE-2003-0358
published 2003-06-09CVE-2003-0358: Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a…
PriorityP419medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
1.22%
64.8th percentile
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | nethack | < nethack 3.4.1-1 (bookworm) | nethack 3.4.1-1 (bookworm) |
| debian | slashem | < nethack 3.4.1-1 (bookworm) | nethack 3.4.1-1 (bookworm) |
| falconseye_project | falconseye | <= 1.9.3 | — |
| nethack | nethack | <= 3.4.0 | — |
| nethack | nethack | >= 0 < 3.4.1-1 | 3.4.1-1 |
| nethack | nethack | >= 0 < 3.4.1-1 | 3.4.1-1 |
| nethack | nethack | >= 0 < 3.4.1-1 | 3.4.1-1 |
| nethack | nethack | >= 0 < 3.4.1-1 | 3.4.1-1 |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h59w-g68x-v974: Buffer overflow in (1) nethack 3
ghsa_unreviewed·2022-04-29
CVE-2003-0358 [MEDIUM] CWE-120 GHSA-h59w-g68x-v974: Buffer overflow in (1) nethack 3
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
OSV
CVE-2003-0358: Buffer overflow in (1) nethack 3
osv·2003-06-09·CVSS 4.6
CVE-2003-0358 [MEDIUM] CVE-2003-0358: Buffer overflow in (1) nethack 3
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
Debian
CVE-2003-0358: nethack - Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and e...
vendor_debian·2003·CVSS 4.6
CVE-2003-0358 [MEDIUM] CVE-2003-0358: nethack - Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and e...
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
Scope: local
bookworm: resolved (fixed in 3.4.1-1)
bullseye: resolved (fixed in 3.4.1-1)
forky: resolved (fixed in 3.4.1-1)
sid: resolved (fixed in 3.4.1-1)
trixie: resolved (fixed in 3.4.1-1)
No detection rules found.
Exploit-DB
Nethack 3 - Local Buffer Overflow (1)
exploitdb·2003-02-10
CVE-2003-0358 Nethack 3 - Local Buffer Overflow (1)
Nethack 3 - Local Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/6806/info
By passing an overly large string when invoking nethack, it is possible to corrupt memory.
By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. As nethack may be installed setgid 'games' on various systems this may allow an attacker to gain elevated privileges.
slashem, jnethack and falconseye are also prone to this vulnerability.
/*
tsao@efnet #!IC@efnet 2k3
thnx to aleph1 for execve shellcode &
davidicke for setreuid() shellcode
*/
#include
#include
#include
char code[] =
"\x29\xc4\x31\xc0\x31\xc9\x31\xdb\xb3\x0c\x89\xd9\xb0\x46\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\
Exploit-DB
Nethack 3 - Local Buffer Overflow (2)
exploitdb·2003-02-10
CVE-2003-0358 Nethack 3 - Local Buffer Overflow (2)
Nethack 3 - Local Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/6806/info
By passing an overly large string when invoking nethack, it is possible to corrupt memory.
By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. As nethack may be installed setgid 'games' on various systems this may allow an attacker to gain elevated privileges.
slashem, jnethack and falconseye are also prone to this vulnerability.
/* DSR-nethack.c by [email protected]
* Vulnerbility Found by tsao.
*
* Local BufferOverflow that leads
* to elevated privileges [games].
*
* Basic PoC code...nothing special.
*[bob@dtors bob]$ ./DSR-nethack
*
* DSR-nethack.c By bob.
* Local Expl
Exploit-DB
Nethack 3 - Local Buffer Overflow (3)
exploitdb·2003-02-10
CVE-2003-0358 Nethack 3 - Local Buffer Overflow (3)
Nethack 3 - Local Buffer Overflow (3)
---
source: https://www.securityfocus.com/bid/6806/info
By passing an overly large string when invoking nethack, it is possible to corrupt memory.
By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. As nethack may be installed setgid 'games' on various systems this may allow an attacker to gain elevated privileges.
slashem, jnethack and falconseye are also prone to this vulnerability.
#!/usr/bin/perl -w
#
# tsao@efnet #!IC@efnet 2k3
# thnx to aleph1 for execve shellcode
# davidicke for setreuid() shellcode
$sc .= "\x31\xdb\x31\xc9\xbb\xff\xff\xff\xff\xb1\x0c\x31\xc0\xb0\x46\xcd\x80\x31\xdb";
$sc .= "\x31\xc9\xb3\x0c\xb1\x0c\
No writeups or analysis indexed.
http://nethack.sourceforge.net/v340/bugmore/secpatch.txthttp://www.debian.org/security/2003/dsa-316http://www.debian.org/security/2003/dsa-350http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0http://www.securityfocus.com/bid/6806https://exchange.xforce.ibmcloud.com/vulnerabilities/11283http://nethack.sourceforge.net/v340/bugmore/secpatch.txthttp://www.debian.org/security/2003/dsa-316http://www.debian.org/security/2003/dsa-350http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0http://www.securityfocus.com/bid/6806https://exchange.xforce.ibmcloud.com/vulnerabilities/11283
2003-06-09
Published