Bug#: 198807
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Pierre-Yves Rofes <py@gentoo.org>

Description:   Opened: 2007-11-11 14:07 0000
Bas Wijnen has reported a vulnerability in Pioneers, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a session object being deleted
while still in use. This can be exploited to crash the Pioneers
server by sending specially crafted data.

The vulnerability is reported in versions prior to 0.11.3.

SOLUTION:
Update to version 0.11.3.

------- Comment #1 From Pierre-Yves Rofes 2007-11-11 14:08:41 0000 -------
games, version 0.11.3 is in the tree but ~arch, is it ready for stabilization?
please advise.

------- Comment #2 From Mr. Bones. 2007-11-11 14:43:21 0000 -------
stabilized and removed all but 0.11.3

------- Comment #3 From Pierre-Yves Rofes 2007-11-11 14:59:08 0000 -------
ok, so we can directly proceed to glsa vote.
I tend to vote YES.

------- Comment #4 From Robert Buchholz 2007-11-11 15:00:26 0000 -------
(In reply to comment #2)
> stabilized and removed all but 0.11.3

Should we call in x86, because 0.11.3 is only ~x86 right now?

------- Comment #5 From Mr. Bones. 2007-11-11 15:13:06 0000 -------
missed it.  fixed it now.

------- Comment #6 From Robert Buchholz 2007-11-11 15:19:22 0000 -------
Thanks.

Voting YES since it seems unauthenticated users can crash the server.

------- Comment #7 From Robert Buchholz 2007-11-11 15:28:58 0000 -------
request filed.

------- Comment #8 From Pierre-Yves Rofes 2007-11-14 22:12:13 0000 -------
GLSA 200711-20

------- Comment #9 From Robert Buchholz 2007-11-18 12:14:01 0000 -------
It seems we only fixed one of the two DoS vulnerabilities discovered.

From http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449541

As I wrote before, there was a DoS vulnerability in Pioneers.  While
testing if it also occurred in stable, I found a second problem, which
is now also fixed.  The fix is uploaded to unstable, and should enter
testing in 2 days.  The attached patch fixes both problems in stable.
To use it:

cd /tmp
dget -x ftp://ftp.nl.debian.org/debian/pool/main/p/pioneers/pioneers_0.10.2-3.dsc
cd pioneers-0.10.2
patch -p2 < /path/to/patch
dch -i
debuild

The problem is documented on
http://sourceforge.net/tracker/index.php?func=detail&aid=1786686&group_id=5095&atid=105095
This patch is a combination of the following two patches:
http://sourceforge.net/tracker/index.php?func=detail&aid=1791176&group_id=5095&atid=305095
http://sourceforge.net/tracker/index.php?func=detail&aid=1833003&group_id=5095&atid=305095

------- Comment #10 From Mr. Bones. 2007-11-20 03:09:49 0000 -------
I added the rest of the patch that wasn't in 0.11.3 and rev bumped it to force
it out.

------- Comment #11 From Robert Buchholz 2007-11-24 13:00:01 0000 -------
Thanks, we should publish an errata GLSA.

------- Comment #12 From Pierre-Yves Rofes 2007-11-29 21:59:44 0000 -------
xml updated and errata mail for GLSA-200711-20 sent, closing.
