Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 126169 - games-roguelike/crossfire-client | games-server/crossfire-server: DoS (CVE-2006-1010)
Summary: games-roguelike/crossfire-client | games-server/crossfire-server: DoS (CVE-20...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B2 [glsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-14 09:12 UTC by Carsten Lohrke (RETIRED)
Modified: 2006-04-22 13:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2006-03-14 09:12:57 UTC
Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.

http://secunia.com/advisories/19044
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-14 09:18:51 UTC
games team, are we affected? if so, please provide fixed packages.

its maybe not only DoS, CVE also talks about possible RCE.
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2006-04-21 09:12:16 UTC
1.9.0 is the only version in portage so I don't think we're affected.
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2006-04-21 09:37:33 UTC
Well, don't know who did it, but as I  reported the bug, 1.7.1 was marked stable and 1.9.0 wasn't even in the tree. Someone removed the older ebuilds and marked 1.9.0 stable without leaving a sentence in the ChangeLog.
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-21 09:55:35 UTC
seems to be ready for GLSA
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2006-04-22 13:58:24 UTC
GLSA 200604-11