|
Family: Debian Local Security Checks --> Category: infos
[DSA316] DSA-316-1 nethack Vulnerability Scan
Vulnerability Scan Summary DSA-316-1 nethack
Detailed Explanation for this Vulnerability Test
The nethack and slashem packages are vulnerable to a buffer overflow exploited via a
long '-s' command line option. This vulnerability could be used by an
attacker to gain gid 'games' on a system where nethack is installed.
Additionally, some setgid binaries in the nethack package have
incorrect permissions, which could allow a user who gains gid 'games'
to replace these binaries, potentially causing other users to execute
malicious code when they run nethack.
Note that slashem does not contain the file permission problem
CVE-2003-0359.
For the stable distribution (woody) these problems have been fixed in
version 3.4.0-3.0woody3.
For the old stable distribution (potato) these problems have been fixed in
version 3.3.0-7potato1.
For the unstable distribution (sid) these problems are fixed in
version 3.4.1-1.
We recommend that you update your nethack package.
For the stable distribution (woody) these problems have been fixed in
version 0.0.6E4F8-4.0woody3.
For the old stable distribution (potato) these problems have been fixed in
version 0.0.5E7-3potato1.
For the unstable distribution (sid) these problems are fixed in
version 0.0.6E4F8-6.
We recommend that you update your slashem package.
Solution : http://www.debian.org/security/2003/dsa-316
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|