
Bug 345691 (CVE-2010-4168)

Summary: <games-simulation/openttd-1.0.5: Denial of Service Vulnerability (CVE-2010-4168)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: games
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://security.openttd.org/en/CVE-2010-4168
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 346229    
Bug Blocks:    
Attachments:
Description Flags
patch from http://security.openttd.org/en/patch/28.patch none

Description Tim Sammut (RETIRED) gentoo-dev 2010-11-15 23:55:45 UTC
From $URL: 

<--

When a client disconnects, without sending the "quit" or "client error" message, the server has a chance of reading and writing a just freed piece of memory. The chance depends on when the disconnect is noticed, whether OpenTTD can write to the socket, and whether there are packets from the client waiting to be processed. The writing can only happen while the server is sending the map.

For clients there is a chance that, upon reconnect after being disconnected during the join process, a just freed piece of memory is read.

Depending on what happens directly after freeing the memory there is a chance that a segmentation fault, and thus a denial of service will occur.

The attached patch does not change network compatibility at all.

<--

Upstream indicates this is fixed in 1.0.5.
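
The lifetime problem the description outlines, as an added C illustration that is not part of the original report and is neither OpenTTD's code nor the upstream patch: a dropped client is only marked as closing when the disconnect is noticed, and is freed in one pass after all per-client work, so queued packets are never processed against freed memory. All names (Client, TickResult, send_step, recv_step, server_tick, demo) are hypothetical and the scenario data is constructed.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Hypothetical model of a server-side client slot; not OpenTTD's structures. */
typedef struct {
    int  queued;       /* packets received but not yet processed */
    bool socket_dead;  /* peer vanished without "quit" or "client error" */
    bool closing;      /* teardown requested; the free is deferred */
} Client;
typedef struct { int handled; int freed; } TickResult;

/* Send step notices the dead socket. The unsafe pattern would free(c) here. */
static void send_step(Client *c) {
    if (c->socket_dead) c->closing = true;
}

/* Receive step: never processes packets for a client marked for teardown. */
static int recv_step(Client *c) {
    int n = 0;
    while (!c->closing && c->queued > 0) { c->queued--; n++; }
    return n;
}

/* One server tick: per-client work first, then a single deallocation pass. */
TickResult server_tick(Client **slots, int count) {
    TickResult r = {0, 0};
    for (int i = 0; i < count; i++) {
        if (!slots[i]) continue;
        send_step(slots[i]);
        r.handled += recv_step(slots[i]);
    }
    for (int i = 0; i < count; i++) {
        if (!slots[i] || !slots[i]->closing) continue;
        free(slots[i]);
        slots[i] = NULL;  /* no stale pointer survives the tick */
        r.freed++;
    }
    return r;
}

/* Constructed scenario: slot 0 dropped with 3 packets queued; slot 1 is healthy with 2. */
TickResult demo(void) {
    Client *slots[2] = { calloc(1, sizeof(Client)), calloc(1, sizeof(Client)) };
    if (!slots[0] || !slots[1]) abort();  /* allocation failure */
    *slots[0] = (Client){ 3, true, false };
    *slots[1] = (Client){ 2, false, false };
    TickResult r = server_tick(slots, 2);
    free(slots[1]);
    return r;
}
```
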
Comment 1 Thomas 2010-11-18 11:36:37 UTC
Created attachment 254707
patch from http://security.openttd.org/en/patch/28.patch

(In reply to comment #0)
> The attached patch does not change network compatibility at all.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-11-22 14:37:22 UTC
=games-simulation/openttd-1.0.5 was added to the tree thanks to bug 346229.

Mr_bones_, or the games herd, if you don't mind removing this from package.mask, we will call for stabilization.

# Michael Sterrett <mr_bones_@gentoo.org> (17 Nov 2010)
# Security mask for bug #345691
games-simulation/openttd

Thank you.
Comment 3 Tomáš Chvátal (RETIRED) gentoo-dev 2010-11-23 09:19:03 UTC
The version is now unmasked.
CC arches as you see fit.
Comment 4 Tupone Alfredo gentoo-dev 2010-11-23 11:34:08 UTC
Maybe stabilize 1.0.5?
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2010-11-23 14:37:55 UTC
Thanks, folks.

Arches, please test and mark stable:
=games-simulation/openttd-1.0.5
Target keywords : "amd64 ppc ppc64 x86"
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2010-11-24 00:01:44 UTC
x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-11-25 00:59:01 UTC
ppc done
Comment 8 Brent Baude (RETIRED) gentoo-dev 2010-11-25 01:24:40 UTC
ppc64 done
Comment 9 blain 'Doc' Anderson 2010-11-27 17:39:40 UTC
AMD64 done
Comment 10 Markos Chandras (RETIRED) gentoo-dev 2010-11-28 12:07:55 UTC
amd64 done. Thanks Blain
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2010-11-28 15:18:00 UTC
GLSA Vote: yes.
Comment 12 Stefan Behte (RETIRED) gentoo-dev Security 2010-11-29 20:27:11 UTC
Vote: NO (it's just a game, and only DOS).
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2011-01-03 20:57:46 UTC
DoS in a game is hardly a security issue so GLSA Vote: no -> Closing. Feel free to reopen if you disagree.