CVE-2006-1390
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.6%
The configuration of NetHack 3.4.3-r1 and earlier, Falcon’s Eye 1.9.4a and earlier, and Slash’EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
Affected configurations
References
bugs.gentoo.org/show_bug.cgi?id=122376
bugs.gentoo.org/show_bug.cgi?id=125902
bugs.gentoo.org/show_bug.cgi?id=127167
bugs.gentoo.org/show_bug.cgi?id=127319
secunia.com/advisories/19376
www.gentoo.org/security/en/glsa/glsa-200603-23.xml
www.osvdb.org/24104
www.securityfocus.com/archive/1/428739/100/0/threaded
www.securityfocus.com/archive/1/428743/100/0/threaded
www.securityfocus.com/bid/17217
exchange.xforce.ibmcloud.com/vulnerabilities/25528
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.6%