Affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4
First Patched Version: 3.6.5
Git commit: 74de7d31e0a6b3e2ebd852e333fe66d212fd6a90, deccf6a7965207b7ed5960f4fdc0dd7b8082c4be
Too long value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
All users are urged to upgrade to NetHack 3.6.5 as soon as possible.
Additional information related to this advisory, if any, will be made available at https://nethack.org/security.
27-Jan-2020 NetHack 3.6.5 released with fix.
12-Jan-2020 Bug reported.
Hosted courtesy of alt.org.
NetHack is Copyright 1985-2020 by Stichting Mathematisch Centrum
and M. Stephenson. See
our license for details.
This site is Copyright 1999-2021 by Kenneth Lorber, Kensington, Maryland.