CVE-2006-1390 (GCVE-0-2006-1390)
Vulnerability from cvelistv5
Published
2006-03-25 00:00
Modified
2024-08-07 17:12
Severity ?
CWE
  • n/a
Summary
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
References
cve@mitre.org http://bugs.gentoo.org/show_bug.cgi?id=122376 Exploit
cve@mitre.org http://bugs.gentoo.org/show_bug.cgi?id=125902 Exploit
cve@mitre.org http://bugs.gentoo.org/show_bug.cgi?id=127167
cve@mitre.org http://bugs.gentoo.org/show_bug.cgi?id=127319
cve@mitre.org http://secunia.com/advisories/19376 Vendor Advisory
cve@mitre.org http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml Patch
cve@mitre.org http://www.osvdb.org/24104
cve@mitre.org http://www.securityfocus.com/archive/1/428739/100/0/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/428743/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/17217
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/25528
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/show_bug.cgi?id=122376 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/show_bug.cgi?id=125902 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/show_bug.cgi?id=127167
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/show_bug.cgi?id=127319
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19376 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/24104
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/428739/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/428743/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/17217
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/25528
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:12:21.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19376"
          },
          {
            "name": "GLSA-200603-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"
          },
          {
            "name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash\u0027EM, Falcon\u0027s Eye: Localprivilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"
          },
          {
            "name": "gentoo-multiple-games-privilege-escalation(25528)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"
          },
          {
            "name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash\u0027EM, Falcon\u0027s Eye: Local privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"
          },
          {
            "name": "24104",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24104"
          },
          {
            "name": "17217",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The configuration of NetHack 3.4.3-r1 and earlier, Falcon\u0027s Eye 1.9.4a and earlier, and Slash\u0027EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19376"
        },
        {
          "name": "GLSA-200603-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"
        },
        {
          "name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash\u0027EM, Falcon\u0027s Eye: Localprivilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"
        },
        {
          "name": "gentoo-multiple-games-privilege-escalation(25528)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"
        },
        {
          "name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash\u0027EM, Falcon\u0027s Eye: Local privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"
        },
        {
          "name": "24104",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24104"
        },
        {
          "name": "17217",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17217"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1390",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The configuration of NetHack 3.4.3-r1 and earlier, Falcon\u0027s Eye 1.9.4a and earlier, and Slash\u0027EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19376",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19376"
            },
            {
              "name": "GLSA-200603-23",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=125902",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=127167",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=127319",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"
            },
            {
              "name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash\u0027EM, Falcon\u0027s Eye: Localprivilege escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"
            },
            {
              "name": "gentoo-multiple-games-privilege-escalation(25528)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"
            },
            {
              "name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash\u0027EM, Falcon\u0027s Eye: Local privilege escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=122376",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"
            },
            {
              "name": "24104",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24104"
            },
            {
              "name": "17217",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17217"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1390",
    "datePublished": "2006-03-25T00:00:00",
    "dateReserved": "2006-03-24T00:00:00",
    "dateUpdated": "2024-08-07T17:12:21.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1390\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-03-25T00:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The configuration of NetHack 3.4.3-r1 and earlier, Falcon\u0027s Eye 1.9.4a and earlier, and Slash\u0027EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"980553F2-8662-47CF-95F0-645141746AEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40EBF1CD-B392-4262-8F06-2C784ADAF0F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C00F84A-FCD4-4935-B7DE-ECBA6AE9B074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"960DC6C2-B285-41D4-96F7-ED97F8BD5482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1FD0EB4-E744-4465-AFEE-A3C807C9C993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"57772E3B-893C-408A-AA3B-78C972ED4D5E\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=122376\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=125902\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=127167\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=127319\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19376\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/24104\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/428739/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/428743/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17217\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25528\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=122376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=125902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=127167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=127319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/24104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/428739/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/428743/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability applies only to the following games/versions: \\r\\n1) NetHack 3.4.3-r1 and previous \\r\\n2) Falcon\u0027s Eye 1.9.4a and previous \\r\\n3) Slash\u0027EM 0.0.760 and previous\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.