Bug 194151

Summary: games-sports/racer-bin UDP message buffer overflow (CVE-2007-4370)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: games
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://xforce.iss.net/xforce/xfdb/35991
Whiteboard: B1? [glsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-29 00:50:10 UTC
CVE-2007-4370: 
  Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3
  beta 5 allow remote attackers to execute arbitrary code via a long string
  to UDP port 26000.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-29 00:51:46 UTC
I don't know if the vulnerability is specific to the Beta version mentioned in the CVE and whether our version is vulnerable.

Games, please advise.
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2007-10-03 06:30:23 UTC
There's no mention of 0.5.0 in any of the stuff I could find on this.  Is there any reason to think the version in portage is vulnerable?
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-10-03 10:23:27 UTC
(In reply to comment #2)
> Is there any reason to think the version in portage is vulnerable?

Only that a later version is vulnerable. It's reason enough for me to believe that the prior version *might* also be vulnerable.

If you have the game installed, you could try the exploit at
  http://downloads.securityfocus.com/vulnerabilities/exploits/25297.pl
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-10-17 01:19:05 UTC
Mr. Bones, were you able to reproduce this?
Comment 5 Mr. Bones. (RETIRED) gentoo-dev 2007-10-17 03:02:00 UTC
I didn't try.
Comment 6 Matti Bickel (RETIRED) gentoo-dev 2009-01-01 17:24:35 UTC
Uh, a year for a B1 vulnerability? Can't check it b/c I don't have an x86 here, but there's now version 0.5.4b1 available. Maybe that fixes it?
Comment 7 KinG-InFeT 2012-02-17 18:01:52 UTC
in V0.5.4 BETA 1 is stable and fixed this vulnerability
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-02-18 21:55:28 UTC
This package was stable on x86, but has since been hardmasked. 

# Samuli Suominen <ssuominen@gentoo.org> (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin

GLSA request filed.
Comment 9 KinG-InFeT 2012-06-03 15:13:08 UTC
UP
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:35:36 UTC
This issue was resolved and addressed in
 GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).