| Summary: | games-sports/racer-bin UDP message buffer overflow (CVE-2007-4370) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | games |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://xforce.iss.net/xforce/xfdb/35991 | | |
| Whiteboard: | B1? [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2007-09-29 00:50:10 UTC
I don't know if the vulnerability is specific to the Beta version mentioned in the CVE and whether our version is vulnerable - Games, please advise.

There's no mention of 0.5.0 in any of the stuff I could find on this.

Is there any reason to think the version in portage is vulnerable?

(In reply to comment #2)
> Is there any reason to think the version in portage is vulnerable?

Only that a later version is vulnerable. It's reason enough for me to believe that the prior version *might* also be vulnerable. If you have the game installed, you could try the exploit at http://downloads.securityfocus.com/vulnerabilities/exploits/25297.pl

Mr. Bones, were you able to reproduce this?

I didn't try.

Uh, a year for a B1 vulnerability?

Can't check it b/c I don't have an x86 here, but there's now version 0.5.4b1 available. Maybe that fixes it?

in V0.5.4 BETA 1 is stable and fixed this vulnerability

This package was stable on x86, but has since been hardmasked.

```
# Samuli Suominen <ssuominen@gentoo.org> (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin
```

GLSA request filed.

UP

This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).