Gentoo Bug 126169 - games-roguelike/crossfire-client | games-server/crossfire-server: DoS (CVE-2006-1010)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	126169
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 126169 depends on:			Show dependency tree
Bug 126169 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-03-14 09:12 0000

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when
oldsocketmode is enabled, allows remote attackers to cause a denial of service
(segmentation fault) and possibly execute code by sending the server a large
request.

http://secunia.com/advisories/19044

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-03-14 09:18:51 0000 -------

games team, are we affected? if so, please provide fixed packages.

its maybe not only DoS, CVE also talks about possible RCE.

------- Comment #2 From Mr. Bones. 2006-04-21 09:12:16 0000 -------

1.9.0 is the only version in portage so I don't think we're affected.

------- Comment #3 From Carsten Lohrke 2006-04-21 09:37:33 0000 -------

Well, don't know who did it, but as I  reported the bug, 1.7.1 was marked
stable and 1.9.0 wasn't even in the tree. Someone removed the older ebuilds and
marked 1.9.0 stable without leaving a sentence in the ChangeLog.

------- Comment #4 From Stefan Cornelius (RETIRED) 2006-04-21 09:55:35 0000 -------

seems to be ready for GLSA

------- Comment #5 From Thierry Carrez (RETIRED) 2006-04-22 13:58:24 0000 -------

GLSA 200604-11

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 126169

games-roguelike/crossfire-client | games-server/crossfire-server: DoS (CVE-2006-1010)

Last modified: 2006-04-22 13:58:24 0000