[gentoo-announce] [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation - gentoo-announce

From:	Sune Kloppenborg Jeppesen <jaervosz@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
Date:	Thu, 23 Mar 2006 23:54:55
Message-Id:	`200603232310.14144.jaervosz@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200603-23

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

9

      Date: March 23, 2006

10

      Bugs: #125902, #122376, #127167, #127319

11

        ID: 200603-23

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege

19

escalation vulnerabilities that could potentially allow the execution

20

of arbitrary code as other users.

21

22

Background

23

==========

24

25

NetHack is the classic single player dungeon exploration game. Slash'EM

26

and Falcon's Eye are NetHack variants.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package                     /   Vulnerable   /         Unaffected

33

    -------------------------------------------------------------------

34

  1  games-roguelike/nethack         <= 3.4.3-r1           Vulnerable!

35

  2  games-roguelike/falconseye       <= 1.9.4a            Vulnerable!

36

  3  games-roguelike/slashem         <= 0.0.760            Vulnerable!

37

    -------------------------------------------------------------------

38

     NOTE: Certain packages are still vulnerable. Users should migrate

39

           to another package if one is available or wait for the

40

           existing packages to be marked stable by their

41

           architecture maintainers.

42

    -------------------------------------------------------------------

43

     3 affected packages on all of their supported architectures.

44

    -------------------------------------------------------------------

45

46

Description

47

===========

48

49

NetHack, Slash'EM and Falcon's Eye have been found to be incompatible

50

with the system used for managing games on Gentoo Linux. As a result,

51

they cannot be played securely on systems with multiple users.

52

53

Impact

54

======

55

56

A local user who is a member of group "games" may be able to modify the

57

state data used by NetHack, Slash'EM or Falcon's Eye to trigger the

58

execution of arbitrary code with the privileges of other players.

59

Additionally, the games may create save game files in a manner not

60

suitable for use on Gentoo Linux, potentially allowing a local user to

61

create or overwrite files with the permissions of other players.

62

63

Workaround

64

==========

65

66

Do not add untrusted users to the "games" group.

67

68

Resolution

69

==========

70

71

NetHack has been masked in Portage pending the resolution of these

72

issues. Vulnerable NetHack users are advised to uninstall the package

73

until further notice.

74

75

    # emerge --ask --verbose --unmerge "games-roguelike/nethack"

76

77

Slash'EM has been masked in Portage pending the resolution of these

78

issues. Vulnerable Slash'EM users are advised to uninstall the package

79

until further notice.

80

81

    # emerge --ask --verbose --unmerge "games-roguelike/slashem"

82

83

Falcon's Eye has been masked in Portage pending the resolution of these

84

issues. Vulnerable Falcon's Eye users are advised to uninstall the

85

package until further notice.

86

87

    # emerge --ask --verbose --unmerge "games-roguelike/falconseye"

88

89

Availability

90

============

91

92

This GLSA and any updates to it are available for viewing at

93

the Gentoo Security Website:

94

95

  http://security.gentoo.org/glsa/glsa-200603-23.xml

96

97

Concerns?

98

=========

99

100

Security is a primary focus of Gentoo Linux and ensuring the

101

confidentiality and security of our users machines is of utmost

102

importance to us. Any security concerns should be addressed to

103

security@g.o or alternatively, you may file a bug at

104

http://bugs.gentoo.org.

105

106

License

107

=======

108

109

Copyright 2006 Gentoo Foundation, Inc; referenced text

110

belongs to its owner(s).

111

112

The contents of this document are licensed under the

113

Creative Commons - Attribution / Share Alike license.

114

115

http://creativecommons.org/licenses/by-sa/2.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200603-23
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
9	Date: March 23, 2006
10	Bugs: #125902, #122376, #127167, #127319
11	ID: 200603-23
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege
19	escalation vulnerabilities that could potentially allow the execution
20	of arbitrary code as other users.
21
22	Background
23	==========
24
25	NetHack is the classic single player dungeon exploration game. Slash'EM
26	and Falcon's Eye are NetHack variants.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 games-roguelike/nethack <= 3.4.3-r1 Vulnerable!
35	2 games-roguelike/falconseye <= 1.9.4a Vulnerable!
36	3 games-roguelike/slashem <= 0.0.760 Vulnerable!
37	-------------------------------------------------------------------
38	NOTE: Certain packages are still vulnerable. Users should migrate
39	to another package if one is available or wait for the
40	existing packages to be marked stable by their
41	architecture maintainers.
42	-------------------------------------------------------------------
43	3 affected packages on all of their supported architectures.
44	-------------------------------------------------------------------
45
46	Description
47	===========
48
49	NetHack, Slash'EM and Falcon's Eye have been found to be incompatible
50	with the system used for managing games on Gentoo Linux. As a result,
51	they cannot be played securely on systems with multiple users.
52
53	Impact
54	======
55
56	A local user who is a member of group "games" may be able to modify the
57	state data used by NetHack, Slash'EM or Falcon's Eye to trigger the
58	execution of arbitrary code with the privileges of other players.
59	Additionally, the games may create save game files in a manner not
60	suitable for use on Gentoo Linux, potentially allowing a local user to
61	create or overwrite files with the permissions of other players.
62
63	Workaround
64	==========
65
66	Do not add untrusted users to the "games" group.
67
68	Resolution
69	==========
70
71	NetHack has been masked in Portage pending the resolution of these
72	issues. Vulnerable NetHack users are advised to uninstall the package
73	until further notice.
74
75	# emerge --ask --verbose --unmerge "games-roguelike/nethack"
76
77	Slash'EM has been masked in Portage pending the resolution of these
78	issues. Vulnerable Slash'EM users are advised to uninstall the package
79	until further notice.
80
81	# emerge --ask --verbose --unmerge "games-roguelike/slashem"
82
83	Falcon's Eye has been masked in Portage pending the resolution of these
84	issues. Vulnerable Falcon's Eye users are advised to uninstall the
85	package until further notice.
86
87	# emerge --ask --verbose --unmerge "games-roguelike/falconseye"
88
89	Availability
90	============
91
92	This GLSA and any updates to it are available for viewing at
93	the Gentoo Security Website:
94
95	http://security.gentoo.org/glsa/glsa-200603-23.xml
96
97	Concerns?
98	=========
99
100	Security is a primary focus of Gentoo Linux and ensuring the
101	confidentiality and security of our users machines is of utmost
102	importance to us. Any security concerns should be addressed to
103	security@g.o or alternatively, you may file a bug at
104	http://bugs.gentoo.org.
105
106	License
107	=======
108
109	Copyright 2006 Gentoo Foundation, Inc; referenced text
110	belongs to its owner(s).
111
112	The contents of this document are licensed under the
113	Creative Commons - Attribution / Share Alike license.
114
115	http://creativecommons.org/licenses/by-sa/2.0

Gentoo Archives: gentoo-announce