Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

Copied from adivsory: 
The network code doesn't verify the correctness of the 16 bit number
containing the size of the entire data block received from the network.
If an attacker sends the number 0x0000 (the minimum should be 0x0002)
the game enters in an endless loop and nobody can play.

PoC: http://aluigi.altervista.org/poc/panzone.zip
Fix in SVN: http://developer.berlios.de/svn/?group_id=1250

Games herd, please provide a patched ebuild. thanks.

Created an attachment (id=63354) [details]
netpanzer-0.8-min-size-check.patch

upstream svn rewrote the network code completely and it's incompatible with the
0.8 release :/

going by the useful technical info in the advisory, ive created a small fix
against 0.8 which seems to fix the issue ...

that is, i was able to make netpanzer eat up 100% cpu w/out the patch but not
w/the patch

so 0.8-r1 is now in portage and amd64/x86 stable (which are the only arches
which had a stable version < 0.8-r1)

This one is ready for GLSA decision. I vote NO. 

I'm voting no, too. Closing bug, reopen if my vote doesn't count since i'm only
on probation.