Bug 134138 - games-strategy/netpanzer: remote DoS (CVE-2006-2575)
Bug#: 134138
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: enhancement
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: falco@gentoo.org
Component: Vulnerabilities
URL: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0606.html
Summary: games-strategy/netpanzer: remote DoS (CVE-2006-2575)
Keywords:
Status Whiteboard: B3 [noglsa] Falco
Opened: 2006-05-23 11:12 0000
Description:
by Luigi Auriemma

======
2) Bug
======


The game is affected by a denial of service which happens when a client
uses a flag (also called frameNum) greater than 41, since the setFrame
function in src/Lib/2D/Surface.hpp checks if this number is less than
frameCount:

    void setFrame(const float &frameNum)
    {
        assert(frameNum >= 0.0);
        assert(frameNum < frameCount);
        mem = frame0 + (pix.y * stride) * int(frameNum);
    }

The result is the immediate interruption of the server.

(...)

======
4) Fix
======


No fix.
No reply from the developers.
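
The failure mode described in the advisory, next to a validating alternative (added example, not netPanzer code and not the fix shipped upstream): assert() on a client-supplied value aborts the process, and when built with NDEBUG the assert is compiled out and the pointer arithmetic runs unchecked, so the range check is made explicit and the bad value is rejected. Surface here is a simplified stand-in; trySetFrame, FlagResult, handleFlagUpdate and the 42-frame surface are assumptions chosen to match the advisory's threshold of 41.

```cpp
// Added example. Surface is a simplified stand-in, not netPanzer's class;
// trySetFrame, FlagResult and handleFlagUpdate are hypothetical names.
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Surface {
    int pixY;                          // rows per frame (pix.y in the advisory's snippet)
    int stride;                        // bytes per row
    int frameCount;
    std::vector<std::uint8_t> storage; // frameCount frames stored back to back
    std::uint8_t *frame0;
    std::uint8_t *mem;                 // start of the currently selected frame

    Surface(int width, int height, int frames)
        : pixY(height), stride(width), frameCount(frames),
          storage(std::size_t(width) * height * frames) {
        frame0 = storage.data();
        mem = frame0;
    }
    Surface(const Surface &) = delete; // frame0/mem point into storage

    // Validating replacement for setFrame: returns false and leaves mem
    // untouched when frameNum is NaN, infinite, negative or >= frameCount.
    // Unlike assert(), the check stays in place when built with -DNDEBUG.
    bool trySetFrame(float frameNum) {
        if (!std::isfinite(frameNum)) return false;
        if (frameNum < 0.0f || frameNum >= float(frameCount)) return false;
        mem = frame0 + (pixY * stride) * int(frameNum);
        return true;
    }
};

enum class FlagResult { Applied, Rejected };

// Hypothetical handler for a client-supplied flag number: a bad value is
// rejected (the caller can log it or drop the client); the server keeps running.
FlagResult handleFlagUpdate(Surface &flags, float requestedFrame) {
    return flags.trySetFrame(requestedFrame) ? FlagResult::Applied
                                             : FlagResult::Rejected;
}

int main() {
    Surface flags(20, 14, 42);         // constructed: 42 frames, indices 0..41
    const float samples[] = {0.0f, 41.0f, 42.0f, -1.0f, std::nanf("")};
    for (float f : samples)
        std::printf("%g -> %s\n", f, handleFlagUpdate(flags, f) == FlagResult::Applied ? "applied" : "rejected");
    return 0;
}
```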

------- Comment #1 From Raphael Marichez 2006-05-23 11:13:15 0000 -------
Let's wait for a patch or an upstream bump.

------- Comment #2 From Mr. Bones. 2006-05-23 11:36:15 0000 -------
package masked for now.

------- Comment #3 From aaron perez 2006-10-30 04:35:38 0000 -------
Hi, I have made a patch that fixes this (and other bugs) in netpanzer.

I don't know if the patch will be accepted (it seems nobody will ever take a
look into it). But anyway I'm working with netpanzer (I'm even thinking of making a
fork).

You can find the patch in the 'patch' section of netpanzer on berlios.de.

------- Comment #4 From Aniruddha 2006-11-22 14:02:42 0000 -------
Apparently this bug has been fixed in the latest release of
netpanzer (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318329). Please
confirm.

------- Comment #5 From Chris Gianelloni (RETIRED) 2006-11-29 14:38:51 0000 -------
Debian is using an SVN snapshot.

------- Comment #6 From Aniruddha 2006-12-26 23:06:30 0000 -------
What's the status of this ebuild? Can we use the CVS?

------- Comment #7 From Matze Braun 2007-02-05 10:10:05 0000 -------
version 0.8.1 should fix this problem

------- Comment #8 From Matze Braun 2007-02-05 10:12:59 0000 -------
I still don't understand why you are masking a game because it is possible to
abort a running server with bad data (this isn't even a buffer overflow, no one
can gain control of the server).
A server which can be shut down is still better than no server at all, isn't
it?

------- Comment #9 From Jakub Moc (RETIRED) 2007-02-05 22:11:47 0000 -------
*** Bug 165519 has been marked as a duplicate of this bug. ***

------- Comment #10 From Hans Hohenfeld 2007-02-06 01:37:03 0000 -------
Created an attachment (id=109293)
netpanzer-0.8.1.ebuild

New netpanzer version, that fixes this bug

------- Comment #11 From Aniruddha 2007-02-06 05:35:37 0000 -------
(In reply to comment #10)
> Created an attachment (id=109293)
> netpanzer-0.8.1.ebuild
> 
> New netpanzer version, that fixes this bug
> 

Ha Kewl! Is this in portage testing yet? Or do we need to use an overlay? 

------- Comment #12 From Tristan Heaven 2007-02-07 09:22:52 0000 -------
bumped

------- Comment #13 From Raphael Marichez 2007-02-10 22:03:41 0000 -------
Time to vote, i vote NO.

------- Comment #14 From Hans Hohenfeld 2007-02-11 01:28:27 0000 -------
The masterserver provided in the default configuration file is not working
anymore, so the internal server browser will not work without modification. New
Masterserver is netpanzer.selfip.net, maybe an information message after
installing would be a good idea.

------- Comment #15 From Aniruddha 2007-02-11 12:19:18 0000 -------
(In reply to comment #13)
> Time to vote, i vote NO.
> 

Vote for what?

------- Comment #16 From Raphael Marichez 2007-02-11 13:14:45 0000 -------
(In reply to comment #15)
> (In reply to comment #13)
> > Time to vote, i vote NO.
> > 
> 
> Vote for what?
> 

Whether we issue a GLSA or not. (ok, i know i'm voting alone)

------- Comment #17 From Aniruddha 2007-02-11 22:03:21 0000 -------
(In reply to comment #16)
> (In reply to comment #15)
> > (In reply to comment #13)
> > > Time to vote, i vote NO.
> > > 
> > 
> > Vote for what?
> > 
> 
> Whether we issue a GLSA or not. (ok, i know i'm voting alone)
> 

I guess this is only for developers?

------- Comment #18 From Raphael Marichez 2007-02-11 22:39:48 0000 -------
(In reply to comment #17)
> (In reply to comment #16)
> > Whether we issue a GLSA or not. (ok, i know i'm voting alone)
> > 
> 
> I guess this is only for developers?
> 

Sure :)  but you are free to give your opinion.

------- Comment #19 From Raphael Marichez 2007-02-12 22:38:45 0000 -------
i'm actually the only active member of the security team, so let's close this
without GLSA. Feel free to reopen if you disagree.