List: oss-security
Subject: Re: [oss-security] CVE id request: openttd
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2008-08-07 20:42:47
Message-ID: Pine.GSO.4.51.0808071642120.25461 () faron ! mitre ! org
On Mon, 4 Aug 2008, Nico Golde wrote:
> "OpenTTD servers of version 0.6.1 and below are susceptible to a remotely
> exploitable buffer overflow when the server is filled with companies and
> clients with names that are (near) the maximum allowed length for names.
> In the worst case OpenTTD will write the following (mostly remotely
> changeable bytes) into 1460 bytes of malloc-ed memory:
> up to 11 times (amount of players) 118 bytes
> up to 8 times (amount of companies) 124 bytes
> and 7 "header" bytes
> Resulting in up to 2297 bytes being written in 1460 bytes of malloc-ed
> memory. This makes it possible to remotely crash the game or change the
> gamestate into an unrecoverable state. "
>
> This is Debian bug #493714.
Use CVE-2008-3547 (to be updated later) for this issue, as reported.
If Secunia wound up reporting a distinct bug, that would need an
additional CVE.
- Steve
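
The quoted advisory describes per-client and per-company records being written into a fixed 1460-byte buffer with no check on the space remaining. The following is an added example, not OpenTTD's code or its actual fix, of a length-checked writer run against the advisory's worst case; `struct packet`, `packet_append` and `build_reply` are hypothetical names and the record contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Sizes from the advisory quoted above. */
enum { PACKET_SIZE = 1460, HEADER_BYTES = 7,
       MAX_CLIENTS = 11, CLIENT_BYTES = 118,
       MAX_COMPANIES = 8, COMPANY_BYTES = 124 };

/* Hypothetical packet type, not OpenTTD's own structure. */
struct packet {
    unsigned char buf[PACKET_SIZE];
    size_t len;     /* bytes written so far */
    int truncated;  /* set once an append has been refused */
};

/* Append n bytes only if they fit; refuse everything after a failure. */
static int packet_append(struct packet *p, const void *src, size_t n)
{
    if (p->truncated || n > sizeof p->buf - p->len) {
        p->truncated = 1;
        return 0;
    }
    memcpy(p->buf + p->len, src, n);
    p->len += n;
    return 1;
}

/* Fill a reply with constructed records; returns how many records fit. */
static size_t build_reply(struct packet *p, size_t clients, size_t companies)
{
    unsigned char rec[COMPANY_BYTES];
    size_t i, fit = 0;
    memset(rec, 'A', sizeof rec);  /* constructed sample data */
    p->len = 0;
    p->truncated = 0;
    packet_append(p, rec, HEADER_BYTES);
    for (i = 0; i < clients; i++) fit += packet_append(p, rec, CLIENT_BYTES);
    for (i = 0; i < companies; i++) fit += packet_append(p, rec, COMPANY_BYTES);
    return fit;
}

int main(void)
{
    struct packet p;
    size_t fit = build_reply(&p, MAX_CLIENTS, MAX_COMPANIES);
    printf("%zu of %d records fit, %zu bytes written, truncated=%d\n",
           fit, MAX_CLIENTS + MAX_COMPANIES, p.len, p.truncated);
    return 0;
}
```

With the advisory's maximum counts the writer stops at the record that would cross 1460 bytes and reports truncation, so the caller can split the reply or drop the remainder instead of writing past the allocation.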