Bug#: 98922
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Stefan Cornelius (RETIRED) <dercorny@gentoo.org>
Attachment: netpanzer-0.8-min-size-check.patch (type: patch, size: 1.35 KB), created by SpanKY on 2005-07-13 19:23 0000

Description:   Opened: 2005-07-13 14:17 0000
Copied from advisory:
The network code doesn't verify the correctness of the 16 bit number
containing the size of the entire data block received from the network.
If an attacker sends the number 0x0000 (the minimum should be 0x0002)
the game enters in an endless loop and nobody can play.

PoC: http://aluigi.altervista.org/poc/panzone.zip
Fix in SVN: http://developer.berlios.de/svn/?group_id=1250
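
The failure mode described in the advisory text above, as an added example that is not netPanzer's code and not the attached patch: a receive loop over size-prefixed blocks never advances when the 16-bit size is 0x0000, and a minimum-size check rejects it. The function name `split_frames`, the little-endian byte order and the `max_steps` budget (used here so the unchecked case terminates) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2u   /* the 16-bit size counts the whole block, itself included */
enum { FRAME_BAD = -1, FRAME_STUCK = -2 };

/* Assumption: little-endian size field (the report does not give the byte order). */
static uint16_t read_size(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk a receive buffer of size-prefixed blocks. Returns the number of complete
 * blocks, FRAME_BAD for a size below the minimum (check_min set), or FRAME_STUCK
 * when max_steps runs out, which stands in for the endless loop. */
int split_frames(const uint8_t *buf, size_t len, int check_min,
                 int max_steps, size_t *used)
{
    size_t off = 0;
    int frames = 0;
    *used = 0;
    while (len - off >= HDR_LEN) {
        uint16_t size = read_size(buf + off);
        if (check_min && size < HDR_LEN)
            return FRAME_BAD;        /* malformed: drop the peer, do not retry */
        if (size > len - off)
            break;                   /* partial block: wait for more bytes */
        if (max_steps-- <= 0)
            return FRAME_STUCK;
        off += size;                 /* size 0x0000 leaves off where it was */
        frames++;
        *used = off;
    }
    return frames;
}

/* Constructed sample input, not captured traffic. */
static const uint8_t GOOD[] = { 0x05, 0x00, 'a', 'b', 'c', 0x02, 0x00 };
static const uint8_t ZERO[] = { 0x04, 0x00, 1, 2, 0x00, 0x00, 0x03, 0x00, 9 };

int main(void)
{
    size_t used;
    printf("good, checked:   %d\n", split_frames(GOOD, sizeof GOOD, 1, 1000, &used));
    printf("zero, unchecked: %d\n", split_frames(ZERO, sizeof ZERO, 0, 1000, &used));
    printf("zero, checked:   %d\n", split_frames(ZERO, sizeof ZERO, 1, 1000, &used));
    return 0;
}
```

On `FRAME_BAD` the caller should close the connection rather than keep the buffer, since the same bytes would be rejected again on the next pass.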

------- Comment #1 From Stefan Cornelius (RETIRED) 2005-07-13 14:18:35 0000 -------
Games herd, please provide a patched ebuild. thanks.

------- Comment #2 From SpanKY 2005-07-13 19:23:51 0000 -------
Created an attachment (id=63354)
netpanzer-0.8-min-size-check.patch

upstream svn rewrote the network code completely and it's incompatible with the
0.8 release :/

going by the useful technical info in the advisory, I've created a small fix
against 0.8 which seems to fix the issue ...

that is, I was able to make netpanzer eat up 100% cpu w/out the patch but not
w/the patch

------- Comment #3 From SpanKY 2005-07-13 19:24:30 0000 -------
so 0.8-r1 is now in portage and amd64/x86 stable (which are the only arches
which had a stable version < 0.8-r1)

------- Comment #4 From Sune Kloppenborg Jeppesen 2005-07-13 22:30:16 0000 -------
This one is ready for GLSA decision. I vote NO. 

------- Comment #5 From Stefan Cornelius (RETIRED) 2005-07-13 22:42:51 0000 -------
I'm voting no, too. Closing bug, reopen if my vote doesn't count since I'm only
on probation.
