A local buffer overflow exists in NetBSD trek game. The trek command fails to validate input resulting in a buffer overflow. With a specially crafted request of more than 100 characters, an attacker can cause the execution of arbitrary code with group "games" privileges resulting in a loss of integrity.
Local Access Required
Loss of Integrity
Upgrade to version 1.6.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove or restrict access to the game.
# rm /usr/games/trek
# rm /usr/games/hide/trek
# chmod 400 /usr/games/trek
# chmod 400 /usr/games/hide/trek