[Bug 187353] CVE-2006-1390 nethack: Local privilege escalation via crafted score file
bugzilla at redhat.com
bugzilla at redhat.com
Sun Mar 15 20:42:22 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=187353
--- Comment #15 from Luke Macken <lmacken at redhat.com> 2009-03-15 16:42:19 EDT ---
Reply from nethack upstream about this issue, and the potential rumour that it
has been fixed upstream.
"""
> Someone in the Gentoo community mentioned a while back that the
> dev team had patched the buffer overflow.
We could probably extract the relevant changes, but I don't
think that you actually need them. The real security bug is
being caused by gentoo's policy of giving users full access to
the same group as nethack's setgid setting. They shot themselves
in the foot here, by allowing users to modify the score file
outside of nethack. The lax buffer handling has been (or will
be, from a 3.4.3 perspective...) fixed, but it is not exploitable
in a standard installation where nethack runs in a group whose
files can't be manipulated by arbitrary users.
I assume that redhat/fedora doesn't have the same config
issue as gentoo. If I'm wrong, then you should change nethack
to run in a distinct group rather than--or in addition to--
patching its score file parsing code.
"""
+1 for closing this bug :)
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the fedora-triage-list
mailing list