134138 2006-05-23 11:12 0000 games-strategy/netpanzer: remote DoS (CVE-2006-2575) 2007-02-12 22:38:45 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0606.html B3 [noglsa] Falco P2 enhancement --- 1 falco@gentoo.org security@gentoo.org denilsonsa@gmail.com derhans@nerdshack.com games@gentoo.org mailingdotlist@gmail.com falco@gentoo.org 2006-05-23 11:12:13 0000 by Luigi Auriemma ====== 2) Bug ====== The game is affected by a denial of service which happens when a client uses a flag (called also frameNum) major than 41 since the setFrame function in src/Lib/2D/Surface.hpp checks if this number is minor than frameCount: void setFrame(const float &frameNum) { assert(frameNum >= 0.0); assert(frameNum < frameCount); mem = frame0 + (pix.y * stride) * int(frameNum); } The result is the immediate interruption of the server. (...) ====== 4) Fix ====== No fix. No reply from the developers. falco@gentoo.org 2006-05-23 11:13:15 0000 Let's wait for a patch or an upstream bump. mr_bones_@gentoo.org 2006-05-23 11:36:15 0000 package masked for now. aaronps@gmail.com 2006-10-30 04:35:38 0000 Hi, i have maded a patch that fix this (and other bugs) in netpanzer. I dont know if the patch will be accepted (it seems nobody will ever take a look into it). But anyway im working with netpanzer (even im thinking to make a fork). You can find the patch in the 'patch' section of netpanzer in berlios.de mailingdotlist@gmail.com 2006-11-22 14:02:42 0000 Apperantley this bug has been fixed in the latest release of netpanzer.(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318329) Please confirm. wolf31o2@gentoo.org 2006-11-29 14:38:51 0000 Debian is using a SVN snapshot. mailingdotlist@gmail.com 2006-12-26 23:06:30 0000 What's the status of this ebuild? Can we use the CVS? matze@braunis.de 2007-02-05 10:10:05 0000 version 0.8.1 should fix this problem matze@braunis.de 2007-02-05 10:12:59 0000 I still don't understand why you are masking a game, because it is possible to abort a running server with bad data (this isn't even a buffer overflow, noone can gain control of the server). A server which can be shut down is still better than no server at all, isn't it? jakub@gentoo.org 2007-02-05 22:11:47 0000 *** Bug 165519 has been marked as a duplicate of this bug. *** derhans@nerdshack.com 2007-02-06 01:37:03 0000 Created an attachment (id=109293) netpanzer-0.8.1.ebuild New netpanzer version, that fixes this bug mailingdotlist@gmail.com 2007-02-06 05:35:37 0000 (In reply to comment #10) > Created an attachment (id=109293) [edit] > netpanzer-0.8.1.ebuild > > New netpanzer version, that fixes this bug > Ha Kewl! Is this in portage testing yet? Or do we need to use an overlay? nyhm@gentoo.org 2007-02-07 09:22:52 0000 bumped falco@gentoo.org 2007-02-10 22:03:41 0000 Time to vote, i vote NO. derhans@nerdshack.com 2007-02-11 01:28:27 0000 The masterserver provided in the default configuartion file is not working anymore, so the internal server browser will not work without modification. New Masterserver is netpanzer.selfip.net, maybe an information message after insatlling would be a good idea. mailingdotlist@gmail.com 2007-02-11 12:19:18 0000 (In reply to comment #13) > Time to vote, i vote NO. > Vote for what? falco@gentoo.org 2007-02-11 13:14:45 0000 (In reply to comment #15) > (In reply to comment #13) > > Time to vote, i vote NO. > > > > Vote for what? > Wether we issue a GLSA or not. (ok, i know i'm voting alone) mailingdotlist@gmail.com 2007-02-11 22:03:21 0000 (In reply to comment #16) > (In reply to comment #15) > > (In reply to comment #13) > > > Time to vote, i vote NO. > > > > > > > Vote for what? > > > > Wether we issue a GLSA or not. (ok, i know i'm voting alone) > I guess this is only for developers? falco@gentoo.org 2007-02-11 22:39:48 0000 (In reply to comment #17) > (In reply to comment #16) > > Wether we issue a GLSA or not. (ok, i know i'm voting alone) > > > > I guess this is only for developers? > Sure :) but you are free to give your opinion. falco@gentoo.org 2007-02-12 22:38:45 0000 i'm actually the only active member of the security team, so let's close this without GLSA. Feel free to reopen if you disagree. 109293 2007-02-06 01:37 0000 netpanzer-0.8.1.ebuild netpanzer-0.8.1.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2dhbWVzLXN0cmF0ZWd5L25ldHBhbnplci9uZXRw YW56ZXItMC44LjEuZWJ1aWxkJAoKaW5oZXJpdCBldXRpbHMgZ2FtZXMKCkRBVEFWRVJTSU9OPSIw LjgiCkRFU0NSSVBUSU9OPSJGYXN0LWFjdGlvbiBtdWx0aXBsYXllciBzdHJhdGVnaWMgbmV0d29y ayBnYW1lIgpIT01FUEFHRT0iaHR0cDovL25ldHBhbnplci5iZXJsaW9zLmRlLyIKU1JDX1VSST0i aHR0cDovL2Rvd25sb2FkLmJlcmxpb3MuZGUvbmV0cGFuemVyL25ldHBhbnplci0ke1BWfS50YXIu YnoyCglodHRwOi8vZG93bmxvYWQuYmVybGlvcy5kZS9uZXRwYW56ZXIvbmV0cGFuemVyLWRhdGEt JHtEQVRBVkVSU0lPTn0udGFyLmJ6MiIKCkxJQ0VOU0U9IkdQTC0yIgpTTE9UPSIwIgpLRVlXT1JE Uz0ifmFtZDY0IgpJVVNFPSJkZWRpY2F0ZWQiCgpSREVQRU5EPSJkZWRpY2F0ZWQ/ICggYXBwLW1p c2Mvc2NyZWVuICkKCT49bWVkaWEtbGlicy9saWJzZGwtMS4yLjUKCT49bWVkaWEtbGlicy9zZGwt bWl4ZXItMS4yLjQKCT49bWVkaWEtbGlicy9zZGwtaW1hZ2UtMS4yLjMKCT49ZGV2LWdhbWVzL3Bo eXNmcy0wLjEuOSIKREVQRU5EPSIke1JERVBFTkR9Cgk+PWRldi11dGlsL2phbS0yLjUiCgpzcmNf dW5wYWNrKCkgewoJdW5wYWNrICR7QX0KCWNkICIke1N9Igp9CgpzcmNfY29tcGlsZSgpIHsKCWVn YW1lc2NvbmYgfHwgZGllCglqYW0gLXEgfHwgZGllICJqYW0gZmFpbGVkIgoKCWVpbmZvICJXb3Jr aW5nIGluICR7V09SS0RJUn0vJHtQTn0tZGF0YS0ke0RBVEFWRVJTSU9OfS8iCgljZCAiJHtXT1JL RElSfSIvJHtQTn0tZGF0YS0ke0RBVEFWRVJTSU9OfQoJZWdhbWVzY29uZiB8fCBkaWUKCWphbSAt cSB8fCBkaWUgImphbSBmYWlsZWQgKG9uIGRhdGEgcGFja2FnZSkiCn0KCnNyY19pbnN0YWxsKCkg ewoJamFtIC1zREVTVERJUj0iJHtEfSIgLXNhcHBkb2NkaXI9L3Vzci9zaGFyZS9kb2MvJHtQRn0g aW5zdGFsbCB8fCBkaWUgImphbSBpbnN0YWxsIGZhaWxlZCIKCgljZCAiJHtXT1JLRElSfSIvJHtQ Tn0tZGF0YS0ke0RBVEFWRVJTSU9OfS8KCWphbSAtc0RFU1RESVI9IiR7RH0iIC1zYXBwZG9jZGly PS91c3Ivc2hhcmUvZG9jLyR7UEZ9IGluc3RhbGwgfHwgZGllICJqYW0gaW5zdGFsbCBmYWlsZWQg KGRhdGEgcGFja2FnZSkiCgoJaWYgdXNlIGRlZGljYXRlZCA7IHRoZW4KCQluZXdpbml0ZCAiJHtG SUxFU0RJUn0vbmV0cGFuemVyLnJjIiBuZXRwYW56ZXIgfHwgZGllICJuZXdpbml0ZCBmYWlsZWQi CgkJc2VkIC1pIFwKCQkJLWUgInM6R0FNRVNfVVNFUl9ERUQ6JHtHQU1FU19VU0VSX0RFRH06IiBc CgkJCS1lICJzOkdFTlRPT19ESVI6JHtHQU1FU19CSU5ESVJ9OiIgXAoJCQkiJHtEfS9ldGMvaW5p dC5kL25ldHBhbnplciIgXAoJCQl8fCBkaWUgInNlZCBmYWlsZWQiCgoJCWluc2ludG8gL2V0YwoJ CWRvaW5zICIke0ZJTEVTRElSfS9uZXRwYW56ZXItZGVkLmluaSIgfHwgZGllICJkb2lucyBmYWls ZWQiCgkJZXhlaW50byAiJHtHQU1FU19CSU5ESVJ9IgoJCWRvZXhlICIke0ZJTEVTRElSfS9uZXRw YW56ZXItZGVkIiB8fCBkaWUgImRvZXhlIGZhaWxlZCIKCQlzZWQgLWkgXAoJCQktZSAiczpHRU5U T09fRElSOiR7R0FNRVNfQklORElSfToiIFwKCQkJIiR7RH0ke0dBTUVTX0JJTkRJUn0vbmV0cGFu emVyLWRlZCIgXAoJCQl8fCBkaWUgInNlZCBmYWlsZWQiCglmaQoJcm0gLXJmICIke0R9LyR7R0FN RVNfREFUQURJUn0iL3thcHBsaWNhdGlvbnMscGl4bWFwc30KCWRvaWNvbiAiJHtTfSIvJHtQTn0u cG5nCgltYWtlX2Rlc2t0b3BfZW50cnkgJHtQTn0gTmV0UGFuemVyCglwcmVwZ2FtZXNkaXJzCn0K