CVE-2006-1390

Name of the Vulnerable Software and Affected Versions NetHack versions 3.4.3-r1 and earlier Falcon's Eye versions 1.9.4a and earlier Slash'EM versions 0.0.760 and earlier

Description The issue allows local users in the games group to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks by modifying saved games files.

Recommendations For NetHack versions 3.4.3-r1 and earlier, consider restricting access to saved games files to prevent modification. For Falcon's Eye versions 1.9.4a and earlier, restrict write access to sensitive files that could be overwritten via symlink attacks. For Slash'EM versions 0.0.760 and earlier, limit the ability of local users in the games group to modify saved games files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.