Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-1390 | First vendor Publication | 2006-03-24 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1390 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-23 (nethack slashem falconseye) File : nvt/glsa_200603_23.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24105 | Gentoo Linux Multiple nethack Games Saved Game Symlink Arbitrary File Overwrite |
24104 | Gentoo Linux Multiple nethack Games High Score Processing Local Overflow A local overflow exists in Nethack, Falsconseye, and Slashem. Gentoo's group game policy allows users to manipulate the game's record and state files. Nethack, Falsconseye, and Slashem fail to properly check record data in '/var/games/nethack/record' resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution with the rights of other players resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-03-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-23.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:03:50 |
|
2021-04-22 01:04:23 |
|
2020-05-23 00:17:33 |
|
2018-10-18 21:20:02 |
|
2017-07-20 09:23:27 |
|
2016-06-28 15:41:08 |
|
2016-04-26 14:25:56 |
|
2014-02-17 10:35:09 |
|
2013-05-11 10:52:21 |
|