Vulnerability Details CVE-2006-1390
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v2 Score 4.6
References
- http://bugs.gentoo.org/show_bug.cgi?id=122376
- http://bugs.gentoo.org/show_bug.cgi?id=125902
- http://bugs.gentoo.org/show_bug.cgi?id=127167
- http://bugs.gentoo.org/show_bug.cgi?id=127319
- http://secunia.com/advisories/19376
- http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml
- http://www.osvdb.org/24104
- http://www.securityfocus.com/archive/1/428739/100/0/threaded
- http://www.securityfocus.com/archive/1/428743/100/0/threaded
- http://www.securityfocus.com/bid/17217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25528
- http://bugs.gentoo.org/show_bug.cgi?id=122376
- http://bugs.gentoo.org/show_bug.cgi?id=125902
- http://bugs.gentoo.org/show_bug.cgi?id=127167
- http://bugs.gentoo.org/show_bug.cgi?id=127319
- http://secunia.com/advisories/19376
- http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml
- http://www.osvdb.org/24104
- http://www.securityfocus.com/archive/1/428739/100/0/threaded
- http://www.securityfocus.com/archive/1/428743/100/0/threaded
- http://www.securityfocus.com/bid/17217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25528
Products affected by CVE-2006-1390
-
cpe:2.3:o:gentoo:linux:0.5
-
cpe:2.3:o:gentoo:linux:0.7
-
cpe:2.3:o:gentoo:linux:1.1a
-
cpe:2.3:o:gentoo:linux:1.2
-
cpe:2.3:o:gentoo:linux:1.4