Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 125647

Summary: games-action/bzflag - server can be crashed remotely
Product: Gentoo Security Reporter: Carsten Lohrke (RETIRED) <carlo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: bensberg, games
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://aluigi.altervista.org/adv/bzflagboom-adv.txt
Whiteboard: B3 [noglsa] jaervosz
Package list:
Runtime testing required: ---
Attachments:
Description Flags
bzflag-callsignfix.patch none

Description Carsten Lohrke (RETIRED) gentoo-dev 2006-03-09 14:25:21 UTC 
The callsigns used by the clients are not checked or re-delimited by
the server so is possible for a client to pass a callsign with no NULL
bytes at its end causing problems (crash) to the server during the
handling of this string.
On both Linux and Windows for x86 (using the precompiled packages) I
have reached the server crash without problems but is possible that in
some configurations the crash could happen after many tries or also
never, depending by how the memory is handled on that platform.

The bug can be exploited also versus password protected servers without
knowing the right keyword.

http://aluigi.altervista.org/adv/bzflagboom-adv.txt
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-03-11 03:25:07 UTC 
One more on games team plate.
Too bad Luigi decided to do more auditing on games servers while our games team is silent :)
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2006-03-11 20:35:27 UTC 
it's masked.
Comment 3 David Grant 2006-03-12 20:08:07 UTC 
Can bzflag be split into server and client ebuilds? It sounds like this doesn't affect the client.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-03-13 10:30:28 UTC 
No masking GLSA as this is not a critical security issue.
Setting this to enhancement to remember to remove bzflag at some point in the future.

Asking to separate between server and client should be done a separate non-security bug, assigend to teh games team.
Comment 5 Tupone Alfredo gentoo-dev 2006-03-13 10:38:34 UTC 
remove? For about a 4 lines patch to apply ? :( 
I love bzflag
Comment 6 Benno Schulenberg 2006-03-14 11:26:20 UTC 
At comment #5: which 4-line patch, Tupone?  Please attach?
Comment 7 Tupone Alfredo gentoo-dev 2006-03-14 11:38:45 UTC 
Created attachment 82128 [details, diff]
bzflag-callsignfix.patch

Patch to fix callsign, and others, ... overflow
Comment 8 Chris Gianelloni (RETIRED) gentoo-dev 2006-03-14 13:47:12 UTC 
Tupone: feel free to fix the package and unmask it instead, as an actual fix is *always* the preferred solution.
Comment 9 Tupone Alfredo gentoo-dev 2006-03-19 13:36:39 UTC 
Fixed in CVS.
Please stabilize bzflag-2.0.4.20050930
Comment 10 Tupone Alfredo gentoo-dev 2006-03-19 13:37:30 UTC 
I meant to stabilize bzflag-2.0.4.20050930-r1
Sorry
Comment 11 Tupone Alfredo gentoo-dev 2006-03-20 12:12:51 UTC 
security flaw fixed.
package unmasked
Comment 12 Chris Gianelloni (RETIRED) gentoo-dev 2006-03-22 06:42:54 UTC 
I've marked this stable on x86.
Comment 13 Luis Medinas (RETIRED) gentoo-dev 2006-03-22 17:19:24 UTC 
stable on amd64.
Comment 14 Tupone Alfredo gentoo-dev 2006-03-22 22:51:50 UTC 
It was marked stable on ppc
I think bug could be closed
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-03-22 23:25:41 UTC 
This one is ready for GLSA decision. I tend to vote NO.
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2006-03-26 09:26:46 UTC 
I tend to vote NO too for DoS on game server. Closing, feel free to reopen if you disagree.