Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3
beta 5 allow remote attackers to execute arbitrary code via a long string
to UDP port 26000.
I don't know if the vulnerability is specific to the Beta version mentioned in the CVE and whether our version is vulnerable.
Games, please advise.
There's no mention of 0.5.0 in any of the stuff I could find on this. Is there any reason to think the version in portage is vulnerable?
(In reply to comment #2)
> Is there any reason to think the version in portage is vulnerable?
Only that a later version is vulnerable. It's reason enough for me to believe that the prior version *might* also be vulnerable.
If you have the game installed, you could try the exploit at
Mr. Bones, were you able to reproduce this?
I didn't try.
Uh, a year for a B1 vulnerability? Can't check it b/c I don't have an x86 here, but there's now version 0.5.4b1 available. Maybe that fixes it?
V0.5.4 BETA 1 is stable and fixed this vulnerability.
This package was stable on x86, but has since been hardmasked.
# Samuli Suominen <firstname.lastname@example.org> (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
GLSA request filed.
This issue was resolved and addressed in
GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).