{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19376", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19376"}, {"name": "GLSA-200603-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"}, {"name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Localprivilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"}, {"name": "gentoo-multiple-games-privilege-escalation(25528)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"}, {"name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"}, {"name": "24104", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24104"}, {"name": "17217", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17217"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19376"}, {"name": "GLSA-200603-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=125902", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=127167", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=127319", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"}, {"name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Localprivilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"}, {"name": "gentoo-multiple-games-privilege-escalation(25528)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"}, {"name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=122376", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"}, {"name": "24104", "refsource": "OSVDB", "url": "http://www.osvdb.org/24104"}, {"name": "17217", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17217"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:21.262Z"}, "title": "CVE Program Container", "references": [{"name": "19376", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19376"}, {"name": "GLSA-200603-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"}, {"name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Localprivilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"}, {"name": "gentoo-multiple-games-privilege-escalation(25528)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"}, {"name": "20060324 Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"}, {"name": "24104", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24104"}, {"name": "17217", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17217"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1390", "datePublished": "2006-03-25T00:00:00", "dateReserved": "2006-03-24T00:00:00", "dateUpdated": "2024-08-07T17:12:21.262Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "980553F2-8662-47CF-95F0-645141746AEA", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "40EBF1CD-B392-4262-8F06-2C784ADAF0F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "matchCriteriaId": "9C00F84A-FCD4-4935-B7DE-ECBA6AE9B074", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "960DC6C2-B285-41D4-96F7-ED97F8BD5482", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D1FD0EB4-E744-4465-AFEE-A3C807C9C993", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F", "vulnerable": true}, {"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "matchCriteriaId": "57772E3B-893C-408A-AA3B-78C972ED4D5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks."}], "evaluatorSolution": "This vulnerability applies only to the following games/versions: \r\n1) NetHack 3.4.3-r1 and previous \r\n2) Falcon's Eye 1.9.4a and previous \r\n3) Slash'EM 0.0.760 and previous", "id": "CVE-2006-1390", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-25T00:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"}, {"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"}, {"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19376"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24104"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17217"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=122376"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=125902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=127167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=127319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19376"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428739/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428743/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25528"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}