Bugtraq
mailing list archives
nethack C340-137: security issue fixed
From: devteam () nethack org
Date: Sat, 1 Mar 2003 12:33:38 -0800

Recently, a security issue affecting shared installations of nethack 3.4.0
where the game was installed setuid or setgid was discovered. This bug has
now been fixed.

This issue was reported to bugtraq by tsao_4sh0 () hushmail com on 2/8/03
as "Subject: #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow".
That report referred specifically to a Linux RPM not created by the
devteam. However, the bug existed in the official nethack source as well.

Solutions:

1) The nethack 3.4.1 patch release, which was released on 2/23/2003,
includes a fix for this issue. The 3.4.1 version can be downloaded from
http://nethack.sourceforge.net/v341/downloads.html
Source and pre-built binaries for many platforms are available.
Additional information on 3.4.1 can be found at
http://nethack.sourceforge.net/v341/release.html

2) If upgrading to 3.4.1 is not desired, a patch can be applied
to the 3.4.0 source. The patch is available at
http://nethack.sourceforge.net/v340/bugmore/secpatch.txt

Contact:

Security issues in nethack can be reported to devteam () nethack org
or by using the e-mail form at
http://nethack.sourceforge.net/common/contact.html

Dave Cohrs
for the Nethack Development Team