[Bug 187353] Possible security issue
bugzilla at redhat.com
bugzilla at redhat.com
Fri Apr 4 11:30:28 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Possible security issue
Alias: CVE-2006-1390
https://bugzilla.redhat.com/show_bug.cgi?id=187353
------- Additional Comments From j.w.r.degoede at hhs.nl 2008-04-04 07:30 EST -------
>From me (repeating myself from comment #3):
Although users are not in the games group on Fedora this is still a problem,
this hole allows the following scenario:
- find a sgid game which is exploitable to get games gid rights
- use the games gid rights to drop a crafted file which will
exploit nethack when opened by nethack.
- once another users runs nethack and opens the crafted file
unwanted things get done with the rights of the other user.
So although low priority this needs fixing never the less.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-triage-list
mailing list