The configuration of NetHack 3.4.3-r1 and earlier, Falcon’s Eye 1.9.4a and earlier, and Slash’EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
bugs.gentoo.org/show_bug.cgi?id=122376
bugs.gentoo.org/show_bug.cgi?id=125902
bugs.gentoo.org/show_bug.cgi?id=127167
bugs.gentoo.org/show_bug.cgi?id=127319
secunia.com/advisories/19376
www.gentoo.org/security/en/glsa/glsa-200603-23.xml
www.osvdb.org/24104
www.securityfocus.com/archive/1/428739/100/0/threaded
www.securityfocus.com/archive/1/428743/100/0/threaded
www.securityfocus.com/bid/17217
exchange.xforce.ibmcloud.com/vulnerabilities/25528