CVE-2003-0358

Published: 09/06/2003 Updated: 09/12/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 476
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in (1) nethack 3.4.0 and previous versions, and (2) falconseye 1.9.3 and previous versions, which is based on nethack, allows local users to gain privileges via a long -s command line option.

Vulnerable Product

falconseye project falconseye

nethack nethack

debian debian linux 2.2

debian debian linux 3.0

Vendor Advisories

The falconseye package is vulnerable to a buffer overflow exploited via a long -s command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where falconseye is installed. Note that falconseye does not contain the file permission error CAN-2003-0359 which affected some other nethack packages. For the stable ...

Exploits

source: www.securityfocus.com/bid/6806/info. By passing an overly large string when invoking nethack, it is possible to corrupt memory. By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code. As nethack may be installed se ...

Github Repositories

By passing an overly large string when invoking nethack, it is possible to corrupt memory. jnethack and falconseye are also prone to this vulnerability.

CVE-2003-0358. Posting for historical reasons. snowcrash, snowcra5h@icloud.com, github.com/snowcra5h/. Description: Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. References: www.exploit-db.com/?author=4939 https:

snowcrash Excessively driven developer, constantly labouring on self-improvement and supporting others