Community Packages


FS#54468 - [nethack] Potential security risk (buffer overflow).

Attached to Project: Community Packages
Opened by Dalton Nell (naelstrof) - Thursday, 15 June 2017, 18:45 GMT
Last edited by Ivy Foster (escondida) - Thursday, 10 October 2019, 23:05 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Jakob Gruber (schuay), Levente Polyak (anthraxx)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description: nethack 3.6.0-1 has a buffer overflow vulnerability that is really easy to trigger (even by accident), by simply having a ~/.nethackrc that's too large, or by passing too long of a string as a parameter to nethack.


Additional info:
Here's a couple sources demonstrating the vulnerability: https://www.exploit-db.com/exploits/22233/ (related links are at the bottom)
The buffer overflow was "fixed" in 3.6.1, and this (recent) commit apparently fixes it for real.
https://github.com/NetHack/NetHack/commit/119b86bf09b36a35cbe120b5ac5a4c3206d8f6c8

Steps to reproduce:
```sh
sudo pacman -S nethack
wget https://raw.githubusercontent.com/Tolchi/dotfile/master/nethackrc -O ~/.nethackrc
nethack
```

Sorry if I should've just flagged it out of date, but I'm unsure if it's completely fixed by just updating to 3.6.1.

Closed by: Ivy Foster (escondida)
Thursday, 10 October 2019, 23:05 GMT
Reason for closing: Fixed
Additional comments about closing: nethack's now at 3.6.2 and the fix should be well-integrated.
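
The bug class reported in this task (an over-long `~/.nethackrc` line or command-line string reaching a fixed-size buffer) handled defensively, as an added C example that is neither NetHack's code nor the upstream fix. `LINE_CAP`, the function names and the sample option lines are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 256 /* assumed buffer size for this example, not from the page */
struct scan_result { int accepted, rejected; };

/* 1 = line stored in buf, 0 = EOF, -1 = line too long (discarded, not truncated). */
static int read_line_bounded(FILE *fp, char *buf, size_t cap)
{
    if (!fgets(buf, (int)cap, fp)) return 0;   /* writes at most cap bytes */
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return 1; }
    int c = fgetc(fp);                         /* buffer full, or file ended */
    if (c == EOF || c == '\n') return 1;       /* line fitted exactly */
    while (c != '\n' && c != EOF) c = fgetc(fp); /* drain the rest of the long line */
    buf[0] = '\0';
    return -1;
}

/* Bounded copy for a command-line string: 0 on success, -1 if it does not fit. */
static int copy_arg_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap) return -1;                   /* reject instead of overflowing dst */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Constructed sample: two option lines around one line of long_len 'A' bytes. */
static struct scan_result scan_sample(size_t long_len)
{
    struct scan_result res = {0, 0};
    char line[LINE_CAP];
    FILE *fp = tmpfile();
    if (!fp) return res;
    fputs("OPTIONS=color\n", fp);
    for (size_t i = 0; i < long_len; i++) fputc('A', fp);
    fputs("\nOPTIONS=autopickup\n", fp);
    rewind(fp);
    for (int r; (r = read_line_bounded(fp, line, sizeof line)) != 0;)
        if (r < 0) res.rejected++; else res.accepted++;
    fclose(fp);
    return res;
}

int main(void)
{
    char name[8];
    struct scan_result r = scan_sample(1000);
    printf("accepted=%d rejected=%d arg=%d\n", r.accepted, r.rejected,
           copy_arg_bounded(name, sizeof name, "a-name-longer-than-eight"));
    return 0;
}
```

The reader rejects an over-long line whole rather than letting its tail be parsed as a separate option line, which is what a plain `fgets` loop would do.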