SB2020020502 - Multiple vulnerabilities in NetHack
Published: February 5, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2020-5214)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when detecting an unknown configuration file option. A remote attacker can trigger memory corruption, cause a denial of service (DoS) condition or execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
2) Buffer overflow (CVE-ID: CVE-2020-5213)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an extremely long value for the SYMBOL configuration file option. A remote attacker can trigger memory corruption, cause a denial of service (DoS) condition or execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
3) Buffer overflow (CVE-ID: CVE-2020-5212)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an extremely long value for the MENUCOLOR configuration file option. A remote attacker can trigger memory corruption, cause a denial of service (DoS) condition or execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
4) Buffer overflow (CVE-ID: CVE-2020-5210)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an invalid argument to the -w command line option. A remote attacker can trigger memory corruption, cause a denial of service (DoS) condition or execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options.
5) Buffer overflow (CVE-ID: CVE-2020-5209)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing unknown options starting with -de and -i. A remote attacker can trigger memory corruption and cause a denial of service (DoS) condition or execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options.
6) Buffer overflow (CVE-ID: CVE-2020-5211)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an invalid extended command in the value for the AUTOCOMPLETE configuration file option. A remote attacker can trigger memory corruption, cause a denial of service (DoS) condition or execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
Remediation
Install the update from the vendor's website.
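The notes above tie the impact of all six issues to NetHack being installed suid/sgid. The following check is an added example, not part of the original bulletin or the vendor's tooling; it reports whether a NetHack binary carries those bits. The function names and candidate install paths are assumptions and vary by distribution.

```shell
#!/bin/sh
# Added example: flag NetHack binaries installed setuid/setgid.

# Print "suid", "sgid", "suid+sgid" or "none" for a single file.
priv_bits() {
    f=$1
    bits=""
    [ -u "$f" ] && bits="suid"
    [ -g "$f" ] && bits="${bits:+$bits+}sgid"
    printf '%s\n' "${bits:-none}"
}

# Check each path given; print "<bits><TAB><path>" for privileged files.
# Returns 0 if at least one privileged file was found, 1 otherwise.
find_privileged() {
    found=1
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip paths that do not exist
        b=$(priv_bits "$f")
        if [ "$b" != "none" ]; then
            printf '%s\t%s\n' "$b" "$f"
            found=0
        fi
    done
    return $found
}

# Assumed install locations (hypothetical defaults); add your own.
CANDIDATES="$(command -v nethack 2>/dev/null || true)
/usr/games/nethack
/usr/lib/games/nethack/nethack
/usr/local/bin/nethack"

# Word splitting on $CANDIDATES is intentional: one path per word.
# shellcheck disable=SC2086
if find_privileged $CANDIDATES; then
    echo "NetHack runs with elevated privileges: apply the vendor update."
else
    echo "No setuid/setgid NetHack binary found in the checked paths."
fi
```

A clean result covers only the suid/sgid condition; shared systems that let users upload configuration files or influence command line options are affected as well, per the notes.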
References
- https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
- https://nethack.org/security/CVE-2020-5214.html
- https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
- https://nethack.org/security/CVE-2020-5213.html
- https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
- https://nethack.org/security/CVE-2020-5212.html
- https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
- https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
- https://nethack.org/security/CVE-2020-5210.html
- https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
- https://nethack.org/security/CVE-2020-5209.html
- https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7