1. The game uses an unchecked function for reading the strings from the incoming data. The function is sgetstr() located in cube.h: 2. sgetstr(), getint() and the instructions which call them don't check the correct length of the input data. 3. In the Cube engine the players have the possibility to choose a specific map on which playing, if there is only one player in the server the map is changed immediately otherwise will be voted. When a client tries to load an invalid map file it exits immediately showing the "while reading map: header malformatted" error.
according to the advisory, upstream wont fix this - games team, what do you want to do here? build own patch or wait if others provide one, mask or remove completely?
Package masked.
*** Bug 125305 has been marked as a duplicate of this bug. ***
mhhh, do we need a masking GLSA here? I assume that cube is present on less than 1/20 of the gentoo installs so policy doesnt force a GLSA. But what do you think?
Yes a maskGLSA is needed, since this allows remote code execution against game server.
Does these vulnerablities applies to all verions of cube even the newest?
At least it affects all versions in portage (which are probably the newest from upstream). As said in the advisory, upstream does not plan to release an update so better dont wait for one.
we could patch the source code ourselves, but the only client that works with official multiplayer servers is the binary-only client :/
GLSA 200603-10 As usual, I keep the bug as enhancement so that we dont forget about this.
I removed it from portage since games-fps/sauerbraten (aka Cube2) is in portage.
confirmed that cube is gone from portage - Thanks Mr. Bones. Closing!
