
| Subject: | Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation |
|---|---|
| Date: | Fri, 24 Mar 2006 03:26:12 -0800 (PST) |
Hello everyone.

Doesn't the included text from the advisory really make it sound more like a problem with their system for managing games? It doesn't point out any flaw in nethack in general, just behavior that's unexpected/unwanted/uncontrollable in their system.

Are any other distributions/platforms vulnerable to a problem in nethack like this? Sounds like it'd be big news, considering the install base of these games.

If this problem is on their end, are other games/applications able to trigger it? They've essentially wiped these fundamental applications (sorry) off their tree for the time being, that's pretty severe.

Does anyone have any insight into this? I'm a big nethack fan.

Thanks.

-- J.Roberts (Neeko)

Description
===========

NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played securely on systems with multiple users.

Impact
======

A local user who is a member of group "games" may be able to modify the state data used by NetHack, Slash'EM or Falcon's Eye to trigger the execution of arbitrary code with the privileges of other players. Additionally, the games may create save game files in a manner not suitable for use on Gentoo Linux, potentially allowing a local user to create or overwrite files with the permissions of other players.