First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 125304
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 125304 depends on: Show dependency tree
Show dependency graph
Bug 125304 blocks:

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-03-06 15:20 0000 
Freeciv supports both plain and compressed data (admins can disable
this feature only recompiling the server from the source code with
USE_COMPRESSION undefined).
When the server receives a jumbo data (size set to 0xffff) it reads
the subsequent 32 bits number which identifies the size of the
compressed data.
Then it makes a signed comparison to know if the compressed size is
major than the data received, if the client uses a negative compressed
size value it will be able to elude this check.
After having substracted 6 bytes (header size) from this number the
server tries to allocate the memory needed for decompressing the data
which is fixed to 100 times this size.
If the memory cannot be allocated the server terminates or freezes
showing an out of memory message.

http://aluigi.altervista.org/adv/freecivdos-adv.txt

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-03-06 15:26:00 0000 ------- 
arches please test and mark stable, thank you.

------- Comment #2 From Jason Wever (RETIRED) 2006-03-06 19:56:47 0000 ------- 
I'm assuming you mean 2.0.8 here, but please use exact versions in the future
to avoid any confusion.

------- Comment #3 From Mr. Bones. 2006-03-06 21:41:00 0000 ------- 
x86 is stable.

------- Comment #4 From Gustavo Zacarias (RETIRED) 2006-03-07 09:06:18 0000 ------- 
sparcenstein!

------- Comment #5 From Thierry Carrez (RETIRED) 2006-03-07 13:31:28 0000 ------- 
Removing x86 which is already marked stable

------- Comment #6 From Joe Jezak 2006-03-07 19:04:46 0000 ------- 
Marked ppc stable by Pylon, tested by mabi.

------- Comment #7 From Stefan Cornelius (RETIRED) 2006-03-08 00:37:45 0000 ------- 
removing ppc from CC because of comment #6

------- Comment #8 From Jose Luis Rivero (yoswink) 2006-03-09 03:42:56 0000 ------- 
alpha is always ready for fun! 

eer ... alpha stable.

------- Comment #9 From Simon Stelling (RETIRED) 2006-03-12 07:53:30 0000 ------- 
amd64 stable, sorry for the delay

------- Comment #10 From Stefan Cornelius (RETIRED) 2006-03-12 07:57:33 0000 ------- 
No RCE, no critical service - tend to say no here

------- Comment #11 From Mr. Bones. 2006-03-12 09:13:44 0000 ------- 
2.0.7 has been removed from portage.

------- Comment #12 From Thierry Carrez (RETIRED) 2006-03-12 10:49:18 0000 ------- 
Bad players can kill the game server, I tend to vote yes, so we'll need one
more opinion :) We usually don't issue GLSAs for game servers DoS though.

------- Comment #13 From Stefan Cornelius (RETIRED) 2006-03-12 12:15:23 0000 ------- 
Ah well, you know what: i happened to have some spare time to draft and you are
the leader, so i'll follow you - let's have a glsa.

------- Comment #14 From Stefan Cornelius (RETIRED) 2006-03-16 02:15:10 0000 ------- 
GLSA 200603-11

Thanks everybody.
First Last Prev Next    No search results available      Search page      Enter new bug