CVE-2006-1390

high

Description

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25528

http://www.securityfocus.com/bid/17217

http://www.securityfocus.com/archive/1/428743/100/0/threaded

http://www.securityfocus.com/archive/1/428739/100/0/threaded

http://www.osvdb.org/24104

http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml

http://secunia.com/advisories/19376

http://bugs.gentoo.org/show_bug.cgi?id=127319

http://bugs.gentoo.org/show_bug.cgi?id=127167

Details

Source: Mitre, NVD

Published: 2006-03-25

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High