Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0077)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0077

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0077)

Resumen: The remote host is missing an update for the 'nethack' package(s) announced via the MGASA-2021-0077 advisory.

Descripción: Summary:
The remote host is missing an update for the 'nethack' package(s) announced via the MGASA-2021-0077 advisory.

Vulnerability Insight:
Updated nethack packages fix security vulnerabilities:

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when
reading very long lines from configuration files. This affects systems that
have NetHack installed suid/sgid, and shared systems that allow users to
upload their own configuration files (CVE-2019-19905).

In NetHack before 3.6.5, unknown options starting with -de and -i can cause
a buffer overflow resulting in a crash or remote code execution/privilege
escalation. This vulnerability affects systems that have NetHack installed
suid/sgid and shared systems that allow users to influence command line
options (CVE-2020-5209).

In NetHack before 3.6.5, an invalid argument to the -w command line option
can cause a buffer overflow resulting in a crash or remote code
execution/privilege escalation. This vulnerability affects systems that have
NetHack installed suid/sgid and shared systems that allow users to influence
command line options (CVE-2020-5210).

In NetHack before 3.6.5, an invalid extended command in value for the
AUTOCOMPLETE configuration file option can cause a buffer overflow resulting
in a crash or remote code execution/privilege escalation. This vulnerability
affects systems that have NetHack installed suid/sgid and shared systems
that allow users to upload their own configuration files (CVE-2020-5211).

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR
configuration file option can cause a buffer overflow resulting in a crash
or remote code execution/privilege escalation. This vulnerability affects
systems that have NetHack installed suid/sgid and shared systems that allow
users to upload their own configuration files (CVE-2020-5212).

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration
file option can cause a buffer overflow resulting in a crash or remote code
execution/privilege escalation. This vulnerability affects systems that have
NetHack installed suid/sgid and shared systems that allow users to upload
their own configuration files (CVE-2020-5213).

In NetHack before 3.6.5, detecting an unknown configuration file option can
cause a buffer overflow resulting in a crash or remote code
execution/privilege escalation. This vulnerability affects systems that have
NetHack installed suid/sgid and shared systems that allow users to upload
their own configuration files (CVE-2020-5214).

In NetHack before 3.6.6, some out-of-bound values for the hilite_status
option can be exploited (CVE-2020-5254).

The nethack package has been updated to version 3.6.6, fixing these issues
and other bugs. See the upstream release notes for details.

Affected Software/OS:
'nethack' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-19905
https://bugs.debian.org/947005
https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
https://nethack.org/security/
Common Vulnerability Exposure (CVE) ID: CVE-2020-5209
https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
Common Vulnerability Exposure (CVE) ID: CVE-2020-5210
Common Vulnerability Exposure (CVE) ID: CVE-2020-5211
Common Vulnerability Exposure (CVE) ID: CVE-2020-5212
Common Vulnerability Exposure (CVE) ID: CVE-2020-5213
Common Vulnerability Exposure (CVE) ID: CVE-2020-5214
Common Vulnerability Exposure (CVE) ID: CVE-2020-5254

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0077
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0077)
Resumen:	The remote host is missing an update for the 'nethack' package(s) announced via the MGASA-2021-0077 advisory.
Descripción:	Summary: The remote host is missing an update for the 'nethack' package(s) announced via the MGASA-2021-0077 advisory. Vulnerability Insight: Updated nethack packages fix security vulnerabilities: NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files (CVE-2019-19905). In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5209). In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options (CVE-2020-5210). In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5211). In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5212). In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5213). In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files (CVE-2020-5214). In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited (CVE-2020-5254). The nethack package has been updated to version 3.6.6, fixing these issues and other bugs. See the upstream release notes for details. Affected Software/OS: 'nethack' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-19905 https://bugs.debian.org/947005 https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47 https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226 https://nethack.org/security/ Common Vulnerability Exposure (CVE) ID: CVE-2020-5209 https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 Common Vulnerability Exposure (CVE) ID: CVE-2020-5210 Common Vulnerability Exposure (CVE) ID: CVE-2020-5211 Common Vulnerability Exposure (CVE) ID: CVE-2020-5212 Common Vulnerability Exposure (CVE) ID: CVE-2020-5213 Common Vulnerability Exposure (CVE) ID: CVE-2020-5214 Common Vulnerability Exposure (CVE) ID: CVE-2020-5254
Copyright	Copyright (C) 2022 Greenbone AG