320955 – <games-simulation/openttd-1.0.3: Multiple vulnerabilites (CVE-2010-{0401,0402,0406,2534})

Bug 320955 - <games-simulation/openttd-1.0.3: Multiple vulnerabilites (CVE-2010-{0401,0402,0406,2534})

Summary: <games-simulation/openttd-1.0.3: Multiple vulnerabilites (CVE-2010-{0401,0402...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://security.openttd.org/en/CVE-20...
Whiteboard:	B3 [noglsa]
Keywords:

Duplicates (1):	321553 (view as bug list)
Depends on:	321609
Blocks:
	Show dependency tree

Reported:	2010-05-21 21:44 UTC by Stefan Behte (RETIRED)
Modified:	2011-02-23 23:04 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-05-21 21:44:04 UTC

CVE-2010-0401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0401):
  OpenTTD before 1.0.1 accepts a company password for authentication in
  response to a request for the server password, which allows remote
  authenticated users to bypass intended access restrictions or cause a
  denial of service (daemon crash) by sending a company password packet.

Comment 1 Mr. Bones. (RETIRED) gentoo-dev

2010-05-26 13:55:46 UTC

*** Bug 321553 has been marked as a duplicate of this bug. ***

Comment 2 Ai Locke Shinseiko (Wizzleby) 2010-06-06 20:10:15 UTC

CVE-2010-0402 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0402)
 OpenTTD before 1.0.1 does not properly validate index values of certain items,
 which allows remote authenticated users to cause a denial of service (daemon
 crash) or possibly execute arbitrary code via a crafted in-game command.

Comment 3 Ai Locke Shinseiko (Wizzleby) 2010-06-06 20:11:33 UTC

CVE-2010-04-06 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0406)
 OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-
 descriptor exhaustion and daemon crash) by performing incomplete downloads of
 the map.

Comment 4 Alex Legler (RETIRED) archtester

2010-08-10 15:20:29 UTC

CVE-2010-2534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2534):
  The NetworkSyncCommandQueue function in network/network_command.cpp
  in OpenTTD before 1.0.3 does not properly clear a pointer in a linked
  list, which allows remote attackers to cause a denial of service
  (infinite loop and CPU consumption) via a crafted request, related to
  the client command queue.

Comment 5 .:deadhead:. 2011-02-01 20:27:52 UTC

Please close it: version 1.0.3 isn't present anymore in portage!

Comment 6 Tim Sammut (RETIRED) gentoo-dev

2011-02-02 04:05:52 UTC

GLSA vote: no.

Comment 7 Stefan Behte (RETIRED) gentoo-dev

2011-02-23 23:04:28 UTC

Vote: no, closing noglsa.