Versions: <= 39.1 (bf)
Bugs:
A] format string and buffer-overflow in addLine and SendString*
B] server freeze through negative numplayers
C] ComsMessageHandler buffer-overflow
D] various crashes and possible code execution in Logger.cpp
Exploitation: remote, versus server
Created attachment 72076: advisory.txt. Luigi Auriemma's advisory web page links are dead, so here's a text copy from full-disclosure.
Package masked until upstream addresses the issue.
Maybe a masking GLSA is in order.
Security please vote on masking GLSA need. Should we issue a GLSA describing the issue and advising users to unmerge the package? This masking GLSA would be updated with a final one when/if this is fixed upstream one day.
I tend to vote YES, this is not DoS only.
vote YES on masking glsa.
Then we should do one. I'll handle it...
Mask GLSA 200511-12 Setting to enhancement, Waiting on upstream version fix.
Any word from upstream on this?
Upstream is dead. However, I've been working with the Fedora packager to try to sync up our patches between our two distributions. It might be a little while, but I'll get to it.
Great, thanks so much for the work and the update! </forums-over-bugzilla>
These bugs have been addressed for the soon-to-be-released v40 of this. Referencing the bugs as listed in "advisory.txt":

A] format string and buffer-overflow in addLine and SendString*
vsprintf is no longer used at all.

B] server freeze through negative numplayers
These values now use an unsigned int.

C] ComsMessageHandler buffer-overflow
sprintf has been replaced by snprintf to prevent this.

D] various crashes and possible code execution in Logger.cpp
These have been addressed in the same fashion as the string overflows above.

Version 40 of Scorched3d will be released over the next couple of days, and I'm looking forward to getting it back into the portage tree!

Diff for scorched3d-40.ebuild:

diff scorched3d-39.1-r1.ebuild scorched3d-40.ebuild 3c3 < # $Header: /var/cvsroot/gentoo-x86/games-strategy/scorched3d/scorched3d-39.1-r1.ebuild,v 1.1 2006/05/12 18:40:23 wolf31o2 Exp $ --- > # $Header: /var/cvsroot/gentoo-x86/games-strategy/scorched3d/scorched3d-40.ebuild,v 1.0 2006/07/09 13:34:00 cbx550f Exp $ 13,14c13,14 < KEYWORDS="~amd64 ~ppc ~x86" < IUSE="mysql" --- > KEYWORDS="~amd64 ~ppc x86" > IUSE="mysql vorbis" 23c23,24 < mysql? ( dev-db/mysql )" --- > mysql? ( dev-db/mysql ) > vorbis? ( media-libs/libvorbis )" 40a42 > $(use_with vorbis) \ 50,51d51 < insinto "${GAMES_DATADIR}/scorched3d/data/globalmods/apoc/data/textures/explode/" < doins "${FILESDIR}/smoke-orange.bmp" || die "doins failed" #bug #105237

Thank you Paul Vint (aka cbx550f)
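Review bot: the 13,14c13,14 hunk changes KEYWORDS from "~amd64 ~ppc ~x86" to "~amd64 ~ppc x86", marking x86 stable in the same commit that bumps the version and adds the vorbis USE flag; a fresh bump should keep `KEYWORDS="~amd64 ~ppc ~x86"` and let the arch teams stabilise after testing. The 50,51d51 hunk drops the insinto/doins of smoke-orange.bmp that was added for bug #105237 without stating whether v40 now ships that texture; either note that in the ebuild or keep the two lines. The 3c3 hunk hand-fills the $Header line with "v 1.0 ... cbx550f Exp"; leave it as the bare `$Header: $` keyword so CVS expands it on commit.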
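As an added illustration of the three fix patterns the comment above describes (example code, not Scorched3D's own), the hardened forms in C: a fixed "%s" format for untrusted text in place of vsprintf, a bounded vsnprintf with its return value checked in place of sprintf, and a player count validated and stored as unsigned. MAX_PLAYERS and the function names are assumptions for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap on players per server for this example; not a Scorched3D constant. */
#define MAX_PLAYERS 24u

/* Bugs A and D: text from the network used to reach vsprintf as the format
 * string. Here untrusted text is only ever the argument of a fixed "%s",
 * and the write is bounded by the destination size.
 * Returns the number of bytes written, or -1 if the line did not fit. */
int add_line(char *dst, size_t dstlen, const char *untrusted_text)
{
    int n = snprintf(dst, dstlen, "%s", untrusted_text);
    return (n >= 0 && (size_t)n < dstlen) ? n : -1;
}

/* Bug C: sprintf into a fixed buffer replaced by a bounded vsnprintf, with
 * the return value checked so a truncated message is reported, not sent. */
int build_message(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);
    return (n >= 0 && (size_t)n < dstlen) ? n : -1;
}

/* Bug B: a signed player count from the wire is rejected if negative or
 * above the cap before it is stored as an unsigned loop bound.
 * Returns 1 and sets *out on success, 0 otherwise. */
int accept_numplayers(int wire_value, unsigned *out)
{
    if (wire_value < 0 || (unsigned)wire_value > MAX_PLAYERS)
        return 0;
    *out = (unsigned)wire_value;
    return 1;
}

int main(void)
{
    char line[64], msg[32];
    unsigned np = 0;
    printf("add_line: %d\n", add_line(line, sizeof line, "player %x says hi"));
    printf("build_message: %d -> %s\n",
           build_message(msg, sizeof msg, "%s joined", "bob"), msg);
    printf("numplayers -1 accepted: %d\n", accept_numplayers(-1, &np));
    return 0;
}
```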
OK. Version 40 is released and in the tree.
Thx Chris. Arches please test and mark stable.
ppc stable
x86 is stable.
This one is ready for GLSA.
glsa-update sent (200511-12), closing.