CVE-2006-1390 | Vulnerability Database | Aqua Security

The configuration of NetHack 3.4.3-r1 and earlier, Falcons Eye 1.9.4a and earlier, and SlashEM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

Affected Software

Name	Vendor	Start Version	End Version
Linux	Gentoo	0.5 (including)	0.5 (including)
Linux	Gentoo	0.7 (including)	0.7 (including)
Linux	Gentoo	1.1a (including)	1.1a (including)
Linux	Gentoo	1.2 (including)	1.2 (including)
Linux	Gentoo	1.4 (including)	1.4 (including)
Linux	Gentoo	1.4-rc1 (including)	1.4-rc1 (including)
Linux	Gentoo	1.4-rc2 (including)	1.4-rc2 (including)
Linux	Gentoo	1.4-rc3 (including)	1.4-rc3 (including)

References

http://bugs.gentoo.org/show_bug.cgi?id=122376
http://bugs.gentoo.org/show_bug.cgi?id=125902
http://bugs.gentoo.org/show_bug.cgi?id=127167
http://bugs.gentoo.org/show_bug.cgi?id=127319
http://secunia.com/advisories/19376
http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml
http://www.osvdb.org/24104
http://www.securityfocus.com/archive/1/428739/100/0/threaded
http://www.securityfocus.com/archive/1/428743/100/0/threaded
http://www.securityfocus.com/bid/17217
https://exchange.xforce.ibmcloud.com/vulnerabilities/25528

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1390
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html