Vulnerability Name: | CCN-51473 | ||||||
Published: | 2009-06-30 | ||||||
Updated: | 2009-06-30 | ||||||
Summary: | The NetBSD hack(6) game is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the main() function when processing the GENOCIDED variable. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with privileges of the "games" group. | ||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P) 3.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||
Vulnerability Consequences: | Gain Privileges | ||||||
References: | Source: CCN Type: NetBSD-SA2009-007 Buffer overflows in hack(6) Source: CCN Type: SA35631 NetBSD hack Privilege Escalation Vulnerabilities Source: CCN Type: BID-35542 NetBSD 'hack(6)' Multiple Privilege Escalation Vulnerabilities Source: XF Type: UNKNOWN netbsd-main-bo(51473) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [05-18-2010] | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |