CVE-2007-4370: Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
I don't know if the vulnerability is specific to the Beta version mentioned in the CVE and whether our version is vulnerable. Games, please advise.
There's no mention of 0.5.0 in any of the stuff I could find on this. Is there any reason to think the version in portage is vulnerable?
(In reply to comment #2)
> Is there any reason to think the version in portage is vulnerable?
Only that a later version is vulnerable. It's reason enough for me to believe that the prior version *might* also be vulnerable. If you have the game installed, you could try the exploit at http://downloads.securityfocus.com/vulnerabilities/exploits/25297.pl
Mr. Bones, were you able to reproduce this?
I didn't try.
Uh, a year for a B1 vulnerability? Can't check it b/c I don't have an x86 here, but there's now version 0.5.4b1 available. Maybe that fixes it?
V0.5.4 BETA 1 is stable and fixed this vulnerability.
This package was stable on x86, but has since been hardmasked.
# Samuli Suominen <ssuominen@gentoo.org> (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin
GLSA request filed.
UP
This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).