Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386383 (CVE-2010-2702)

Summary: games-fps/unreal-{tournament}: remote code execution vulnerability (CVE-2010-2702)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: games, vapier
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [upstream+]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 16:17:02 UTC 
CVE-2010-2702 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2702):
  Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the
  Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal
  Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4,
  when downloads are enabled, allows remote attackers to execute arbitrary
  code via a long LEVEL field in a WELCOME response to a download request.
Comment 1 Larry the Git Cow gentoo-dev 2019-12-08 21:31:14 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25ccd8cf8f654fefc66ef924b5558873e1e44dcf

commit 25ccd8cf8f654fefc66ef924b5558873e1e44dcf
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-12-08 21:28:28 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-12-08 21:28:28 +0000

    games-fps/unreal-tournament: drop vulnerable
    
    Closes: https://bugs.gentoo.org/386383
    
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 games-fps/unreal-tournament/Manifest               |   2 -
 games-fps/unreal-tournament/metadata.xml           |  33 ------
 .../unreal-tournament/unreal-tournament-451.ebuild | 120 ---------------------
 3 files changed, 155 deletions(-)