209903 CVE-2008-0671 2008-02-12 19:25 0000 games-mud/tintin <1.98.0 add_line_buffer Buffer Overflow (CVE-2008-{0671,0672,0673}) 2009-11-23 17:41:14 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux ASSIGNED http://aluigi.altervista.org/adv/rintintin-adv.txt B1 [glsa] P2 major --- 1 rbu@gentoo.org security@gentoo.org games@gentoo.org rbu@gentoo.org 2008-02-12 19:25:44 0000 CVE-2008-0671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0671): Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF. rbu@gentoo.org 2008-02-12 19:31:21 0000 Games herd, did you hear anything upstream about this? rbu@gentoo.org 2008-02-12 19:32:23 0000 CVE-2008-0672 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0672): The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference. CVE-2008-0673 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0673): TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory. mr_bones_@gentoo.org 2008-02-12 19:45:35 0000 I removed that version from portage. We'll pick up normal processing on the next version. rbu@gentoo.org 2008-02-12 20:43:28 0000 I verified that all three vulnerabilities also affect our stable, so that won't be enough. :-/ mr_bones_@gentoo.org 2008-02-12 20:59:13 0000 package masked. jaervosz@gentoo.org 2008-02-13 17:37:34 0000 maskglsa request filed. mr_bones_@gentoo.org 2008-03-25 04:55:17 0000 added tintin-1.98.0, removed all previous versions, unmasked. rbu@gentoo.org 2008-03-25 10:23:05 0000 I couldn't reproduce the errors with 1.98.0, so that looks fine. mr_bones_@gentoo.org 2009-11-23 04:28:41 0000 please close this out. craig@gentoo.org 2009-11-23 17:41:14 0000 A GLSA request was filed some time ago and the bug will be closed after it was sent.