Vulnerability Scanning Solutions, LLC.
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200603-23] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Vulnerability Scan


Vulnerability Scan Summary
NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200603-23
(NetHack, Slash'EM, Falcon's Eye: Local privilege escalation)


NetHack, Slash'EM and Falcon's Eye have been found to be
incompatible with the system used for managing games on Gentoo Linux.
As a result, they cannot be played securely on systems with multiple
users.

Impact

A local user who is a member of group "games" may be able to
modify the state data used by NetHack, Slash'EM or Falcon's Eye to
trigger the execution of arbitrary code with the rights of other
players. Additionally, the games may create save game files in a manner
not suitable for use on Gentoo Linux, potentially allowing a local user
to create or overwrite files with the permissions of other players.

Workaround

Do not add untrusted users to the "games" group.


Solution:
NetHack has been masked in Portage pending the resolution of these
issues. Vulnerable NetHack users are advised to uninstall the package
until further notice.
# emerge --ask --verbose --unmerge "games-roguelike/nethack"
Slash'EM has been masked in Portage pending the resolution of
these issues. Vulnerable Slash'EM users are advised to uninstall the
package until further notice.
# emerge --ask --verbose --unmerge "games-roguelike/slashem"
Falcon's Eye has been masked in Portage pending the resolution
of these issues. Vulnerable Falcon's Eye users are advised to uninstall
the package until further notice.
# emerge --ask --verbose --unmerge "games-roguelike/falconseye"
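
An audit sketch for the Workaround and Solution above, added here as an example and not part of GLSA-200603-23: it lists every account that holds the "games" group (supplementary members and accounts whose primary GID is that group) and reports which of the three named packages still have an entry in Portage's installed-package database. The function names and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory.

# games_members GROUP_FILE PASSWD_FILE [GROUP]
# Prints "user:primary" or "user:supplementary" for every account in GROUP.
games_members() {
    awk -F: -v grp="${3:-games}" '
        # pass 1, group(5): name:passwd:gid:member,member,...
        pass == 1 && $1 == grp {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "supplementary"
        }
        # pass 2, passwd(5): name:passwd:uid:gid:... (primary GID is field 4)
        pass == 2 && gid != "" && $4 == gid { how[$1] = "primary" }
        END { for (u in how) print u ":" how[u] }
    ' pass=1 "$1" pass=2 "$2" | sort
}

# affected_installed PKGDB
# Prints the packages named in the advisory that have an entry under PKGDB
# (Portage's installed-package database, /var/db/pkg on Gentoo).
affected_installed() {
    for p in nethack slashem falconseye; do
        for d in "$1"/games-roguelike/"$p"-[0-9]*; do
            if [ -d "$d" ]; then
                echo "games-roguelike/$p"
                break
            fi
        done
    done
    return 0
}

# Live use: sh audit.sh --live   (getent also covers LDAP/NIS accounts)
if [ "${1:-}" = "--live" ]; then
    t=$(mktemp -d) || exit 1
    getent group > "$t/group"
    getent passwd > "$t/passwd"
    games_members "$t/group" "$t/passwd"
    affected_installed /var/db/pkg
    rm -rf "$t"
fi
```

Accounts reported as "primary" do not appear in the member list of /etc/group, so reviewing that file alone misses them.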


Threat Level: Medium

