Gentoo Nethack And Variants Local Privilege Escalation Vulnerability

Bugtraq ID:	17217
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 23 2006 12:00AM
Updated:	Mar 24 2006 11:09PM
Credit:	Sune Kloppenborg Jeppesen reported this vulnerability.
Vulnerable:	Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 Gentoo Linux 1.2 Gentoo Linux 1.1 a Gentoo Linux 0.7 Gentoo Linux 0.5 Gentoo Linux
Not Vulnerable:

Gentoo Nethack And Variants Local Privilege Escalation Vulnerability


Nethack and its variant versions are prone to a local privilege-escalation vulnerability. The issue results from a design error.

A local attacker can leverage this issue to exploit latent vulnerabilities in applications by overwriting shared game data files.

Gentoo Nethack And Variants Local Privilege Escalation Vulnerability


An exploit is not required; exploit code is required for all but the symlink attack.

Gentoo Nethack And Variants Local Privilege Escalation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]

Gentoo Nethack And Variants Local Privilege Escalation Vulnerability

References:

• CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS (Prasad J Pandit)
  
• Nethack (Nethack)
  
• [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation ( Sune Kloppenborg Jeppesen )