Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Gentoo: 230401-16 Important: Severe Nethack Memory Leak Vulnerability

gentoo
Calendar Grey February 18, 2003
Dist Gentoo Esm H88
A significant flaw in Nethack could permit unauthorized users to exploit game UID on Gentoo deployments. Prompt updates are highly advised.
Overflowing a buffer in nethack may lead to privelige escalation to games uid.

Summary


- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-08
- ---------------------------------------------------------------------
DATE    : 2003-02-18 09:10 UTC

- ---------------------------------------------------------------------
Overflowing a buffer in nethack may lead to privelige escalation to games uid.
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104489201032144&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running app-games/nethack upgrade to nethack-3.4.0-r6 as follows:
emerge sync emerge -u nethack emerge clean
- --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - ---------------------------------------------------------------------

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
important
Lowest
Low
Medium
High
Critical

PACKAGE : nethack
SUMMARY : buffer overflow
EXPLOIT : local

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here