Summary: | games-fps/{doom3,quake4}* Engine Format String Vulnerability (CVE-2007-5248) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tobias Heinlein (RETIRED) <keytoaster> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | carlo, games, luke, mailingdotlist, rk.katana.steel, tsmksubc, ziga.boehm |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/27002/ | ||
Whiteboard: | B1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tobias Heinlein (RETIRED)
"Successful exploitation may allow execution of arbitrary code but requires that PunkBuster is active on the server."

I'm not sure whether this should be B1 or C1. Games, please advise.

(In reply to comment #1)
> "Successful exploitation may allow execution of arbitrary code but requires
> that PunkBuster is active on the server."
> I'm not sure whether this should be B1 or C1.

AFAICT, disabled by default, but most servers use it, particularly public servers. I recommend B1.

well... kinda old bug

this was masked in the meantime (please leave a comment on bugs if you do so):

    # Chris Gianelloni <wolf31o2@gentoo.org> (3 Mar 2008)
    # Masking due to security bug #204067
    # If you only play on Punkbuster enabled servers, this is safe to unmask.

So it seems we should have issued a maskglsa for this one, do we still want that?

OK, I updated package.mask to reflect this bug and removed the Punkbuster note, since this bug requires Punkbuster be off, while 204067 requires that it be enabled.

the packages are masked, there is no fix yet, so switching to "enhancement" severity. Please comment on this bug if you have relevant news.

As written in original advisory at http://aluigi.altervista.org/adv/d3engfspb-adv.txt:

------------------------------

UPDATE 4 Oct 2007

Punkbuster has released a new version of the anti-cheat which filters the % char passed to the vulnerable function used in the Doom 3 engine for visualizing the strings in the console. This prevents the exploitation of the bug via Punkbuster.

------------------------------

So bug in Doom 3 engine is no longer exploitable. As the Punkbuster updates itself automatically (see http://www.evenbalance.com/publications/q4-pl/index.htm#updating) I see no reason to keep these games masked.

*** Bug 204067 has been marked as a duplicate of this bug. ***

Maybe it's time to unmask Doom3 and Quake4?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70055e22603149c4a2efd497d0d9bb3d37d0f107

    commit 70055e22603149c4a2efd497d0d9bb3d37d0f107
    Author: Aaron Bauman <bman@gentoo.org>
    AuthorDate: 2019-12-08 21:10:50 +0000
    Commit: Aaron Bauman <bman@gentoo.org>
    CommitDate: 2019-12-08 21:10:50 +0000

    games-fps/*: remove last-rited pkgs

    Bug: https://bugs.gentoo.org/194607
    Bug: https://bugs.gentoo.org/204067
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

    games-fps/doom3-cdoom/Manifest | 1 -
    games-fps/doom3-cdoom/doom3-cdoom-1.3.1.ebuild | 30 -----
    games-fps/doom3-cdoom/metadata.xml | 8 --
    games-fps/doom3-chextrek/Manifest | 1 -
    .../doom3-chextrek/doom3-chextrek-0.52.ebuild | 36 ------
    games-fps/doom3-chextrek/metadata.xml | 8 --
    games-fps/doom3-data/doom3-data-1.1.1282-r1.ebuild | 46 -------
    games-fps/doom3-data/metadata.xml | 14 ---
    games-fps/doom3-demo/Manifest | 2 -
    games-fps/doom3-demo/doom3-demo-1.1.1286-r1.ebuild | 60 ----------
    games-fps/doom3-demo/metadata.xml | 8 --
    games-fps/doom3-ducttape/Manifest | 1 -
    .../doom3-ducttape/doom3-ducttape-0007.ebuild | 35 ------
    games-fps/doom3-ducttape/metadata.xml | 8 --
    games-fps/doom3-eventhorizon/Manifest | 1 -
    .../doom3-eventhorizon-1.3.ebuild | 30 -----
    games-fps/doom3-eventhorizon/metadata.xml | 8 --
    games-fps/doom3-hellcampaign/Manifest | 2 -
    .../doom3-hellcampaign-1-r1.ebuild | 46 -------
    games-fps/doom3-hellcampaign/metadata.xml | 8 --
    games-fps/doom3-inhell/Manifest | 1 -
    games-fps/doom3-inhell/doom3-inhell-1.1-r1.ebuild | 28 -----
    games-fps/doom3-inhell/metadata.xml | 8 --
    games-fps/doom3-lms/Manifest | 1 -
    games-fps/doom3-lms/doom3-lms-4.ebuild | 29 -----
    games-fps/doom3-lms/metadata.xml | 8 --
    games-fps/doom3-mitm/Manifest | 1 -
    games-fps/doom3-mitm/doom3-mitm-20070129.ebuild | 44 -------
    games-fps/doom3-mitm/metadata.xml | 8 --
    games-fps/doom3-roe/doom3-roe-1.ebuild | 53 --------
    games-fps/doom3-roe/metadata.xml | 16 ---
    games-fps/doom3/Manifest | 2 -
    games-fps/doom3/doom3-1.3.1304-r1.ebuild | 99 ---------------
    games-fps/doom3/metadata.xml | 20 ----
    games-fps/quake4-bin/Manifest | 1 -
    games-fps/quake4-bin/metadata.xml | 25 ----
    games-fps/quake4-bin/quake4-bin-1.4.2-r2.ebuild | 133 ---------------------
    games-fps/quake4-data/metadata.xml | 8 --
    .../quake4-data/quake4-data-1.0.2147.12.ebuild | 56 ---------
    games-fps/quake4-demo/Manifest | 1 -
    games-fps/quake4-demo/metadata.xml | 24 ----
    games-fps/quake4-demo/quake4-demo-1.0-r2.ebuild | 73 -----------
    profiles/package.mask | 19 ---
    43 files changed, 1011 deletions(-)