Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 252203 (CVE-2008-5876) - dev-games/irrlicht < 1.5 Buffer Overflow (CVE-2008-5876)
Summary: dev-games/irrlicht < 1.5 Buffer Overflow (CVE-2008-5876)
Status: RESOLVED FIXED
Alias: CVE-2008-5876
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://secunia.com/Advisories/33192/
Whiteboard: C2 [glsa]
Keywords:
Depends on: 253659
Blocks:
  Show dependency tree
 
Reported: 2008-12-22 20:49 UTC by Bruno Buss
Modified: 2009-03-07 21:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bruno Buss 2008-12-22 20:49:53 UTC
Description:
"A vulnerability has been reported in Irrlicht, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified error in the B3D loader and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 1.5."


dev-games/irrlicht-1.5 is on portage tree, just need to stabilize.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-12-23 12:35:26 UTC
games: is irrlicht 1.5 ready for stabling?
Comment 2 Bruno Buss 2009-01-09 12:24:25 UTC
CVE-2008-5876 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5876):
Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-07 21:41:36 UTC
GLSA 200903-10