
Bug 288295 (CVE-2009-3591)

Summary: <games-strategy/dopewars-1.5.12-r2: Server DoS (CVE-2009-3591)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: games
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
dopewars-CVE-2009-3591.patch none

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-09 12:10:13 UTC
CVE-2009-3591 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3591):
  Dopewars 1.5.12 allows remote attackers to cause a denial of service
  (segmentation fault) via a REQUESTJET message with an invalid
  location.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-09 12:11:27 UTC
Created attachment 206523
dopewars-CVE-2009-3591.patch

Patch taken from upstream SVN.
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2009-10-09 20:53:47 UTC
in portage.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-06 14:36:58 UTC
Arches, please test and mark stable:
=games-strategy/dopewars-1.5.12-r2
Target keywords : "amd64 ppc x86"

Games: Please remove the old version after 1.5.12-r2 is stable.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-11-07 17:10:54 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2009-11-09 12:46:06 UTC
amd64 stable
Comment 6 Mounir Lamouri (volkmar) (RETIRED) gentoo-dev 2009-11-11 11:10:32 UTC
ppc stable
It was the last arch so, security team, you can fix the bug.
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-11 12:27:56 UTC
Ready to vote, I vote NO (just DOS and just a game server).
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-12-18 08:19:41 UTC
NO too, closing