Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Mageia 7: MGASA-2021-0077 Critical: NetHack Buffer Overflow Exploit

mageia
Calendar Grey February 10, 2021
Dist Mageia Esm H88
The revamped NetHack component resolves critical memory corruption vulnerabilities in Mageia, significantly boosting system defenses.
Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files

Summary

Updated nethack packages fix security vulnerabilities:
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files (CVE-2019-19905).
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5209).
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5210).
In NetHac...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26228

- https://nethack.org/v362/release.html

- https://nethack.org/v363/release.html

- https://nethack.org/v364/release.html

- https://nethack.org/v365/release.html

- https://nethack.org/v366/release.html

- https://www.nethack.org/security/CVE-2019-19905.html

- https://www.nethack.org/security/CVE-2020-5209.html

- https://www.nethack.org/security/CVE-2020-5210.html

- https://www.nethack.org/security/CVE-2020-5211.html

- https://www.nethack.org/security/CVE-2020-5212.html

- https://www.nethack.org/security/CVE-2020-5213.html

- https://www.nethack.org/security/CVE-2020-5214.html

- https://www.nethack.org/security/CVE-2020-5254.html

- https://www.cve.org/CVERecord?id=CVE-2019-19905

- https://www.cve.org/CVERecord?id=CVE-2020-5209

- https://www.cve.org/CVERecord?id=CVE-2020-5210

- https://www.cve.org/CVERecord?id=CVE-2020-5211

- https://www.cve.org/CVERecord?id=CVE-2020-5212

- https://www.cve.org/CVERecord?id=CVE-2020-5213

- https://www.cve.org/CVERecord?id=CVE-2020-5214

- https://www.cve.org/CVERecord?id=CVE-2020-5254

Resolution

SRPMS

- 7/core/nethack-3.6.6-1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 10 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0077.html
Type: security
CVE: CVE-2019-19905, CVE-2020-5209, CVE-2020-5210, CVE-2020-5211, CVE-2020-5212, CVE-2020-5213, CVE-2020-5214, CVE-2020-5254

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here