Vulnerability Description
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Linux | 0.5 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=122376Exploit
- http://bugs.gentoo.org/show_bug.cgi?id=125902Exploit
- http://bugs.gentoo.org/show_bug.cgi?id=127167
- http://bugs.gentoo.org/show_bug.cgi?id=127319
- http://secunia.com/advisories/19376Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200603-23.xmlPatch
- http://www.osvdb.org/24104
- http://www.securityfocus.com/archive/1/428739/100/0/threaded
- http://www.securityfocus.com/archive/1/428743/100/0/threaded
- http://www.securityfocus.com/bid/17217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25528
- http://bugs.gentoo.org/show_bug.cgi?id=122376Exploit
- http://bugs.gentoo.org/show_bug.cgi?id=125902Exploit
- http://bugs.gentoo.org/show_bug.cgi?id=127167
- http://bugs.gentoo.org/show_bug.cgi?id=127319
FAQ
What is CVE-2006-1390?
CVE-2006-1390 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files t...
How severe is CVE-2006-1390?
CVE-2006-1390 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1390?
Check the references section above for vendor advisories and patch information. Affected products include: Gentoo Linux.