
[SECURITY] [DSA-316-1] New nethack packages fix buffer overflow, incorrect permissions

2003-06-12 00:27:50
lists.debian.org

CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 0.4%)


Debian Security Advisory DSA 316-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003 http://www.debian.org/security/faq


Package : nethack
Vulnerability : buffer overflow, incorrect permissions
Problem-Type : local
Debian-specific: no
CVE Id : CAN-2003-0358 CAN-2003-0359

The nethack package is vulnerable to a buffer overflow exploited via a
long '-s' command line option. This vulnerability could be used by an
attacker to gain gid 'games' on a system where nethack is installed.

Additionally, some setgid binaries in the nethack package have
incorrect permissions, which could allow a user who gains gid 'games'
to replace these binaries, potentially causing other users to execute
malicious code when they run nethack.
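
A defender-side check for the permissions issue described above, added here as an example and not part of the original advisory: it lists setgid files that a group member could overwrite or replace. The function names and the directory tree are constructed for the demo and do not reflect nethack's real file layout.

```shell
#!/bin/sh
# Added example: flag setgid files that a member of the owning group (or
# anyone) could modify in place or replace. Names and paths are hypothetical.

# Print "REASON PATH" for every risky setgid regular file under $1.
audit_setgid() {
    find "$1" -type f -perm -2000 | while IFS= read -r f; do
        # Group- or world-writable file: its contents can be overwritten.
        if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "writable-file $f"
            continue
        fi
        # Group- or world-writable parent without the sticky bit: the file
        # can be unlinked and a different one created under the same name.
        d=$(dirname "$f")
        if [ -n "$(find "$d" -prune ! -perm -1000 \
                   \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "writable-dir $f"
        fi
    done
}

# Build a constructed tree and audit it (demo data only).
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/safe" "$t/loose"
    chmod 755 "$t/safe"
    chmod 775 "$t/loose"
    : > "$t/safe/ok";    chmod 2755 "$t/safe/ok"     # setgid, read-only to group
    : > "$t/safe/gw";    chmod 2775 "$t/safe/gw"     # setgid and group-writable
    : > "$t/loose/rep";  chmod 2755 "$t/loose/rep"   # setgid in a group-writable dir
    : > "$t/safe/plain"; chmod 775 "$t/safe/plain"   # not setgid, ignored
    audit_setgid "$t" | sed "s|$t/||"
    rm -rf "$t"
}

demo
```

To audit a real system, call `audit_setgid` on the directory that holds the package's binaries; any line it prints is a setgid file whose integrity depends on every member of the owning group.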

For the stable distribution (woody) these problems have been fixed in
version 3.4.0-3.0woody3.

For the old stable distribution (potato) problem xxx has been fixed in
version 3.3.0-7potato1.

For the unstable distribution (sid) these problems are fixed in
version 3.4.1-1.

We recommend that you update your nethack package.

Upgrade Instructions


wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
