CVE-2006-1390

4 documents4 sources

Severity

4.6MEDIUM

EPSS

0.2%

top 55.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gentoo Linux

Timeline

PublishedMar 25

Latest updateMay 1

Description

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDgentoo/linux5 versions+4

Patches

Patch: www.gentoo.org ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-8g49-qr25-g5pw: The configuration of NetHack 3↗2022-05-01

▶

CVEList

CVE-2006-1390: The configuration of NetHack 3↗2006-03-25

▶

📋Vendor Advisories

Red Hat

nethack: Local privilege escalation via crafted score file↗

▶