CVE-2008-3396 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3396): Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
Advisory from the author at: http://aluigi.altervista.org/adv/ut2004null-adv.txt Exploit code at: http://www.securityfocus.com/data/vulnerabilities/exploits/30427.zip AFAIR there is no patch.
While seeking for another bug, I found this: http://www.ut-x.net/UT-2004/UT2004-Server-unter-Beschuss.html
games, any updates on this one? From the page, which Craig linked: http://www.ut-x.net/View-document-details/298-v3369-3-linux-dedicated-hotfix.html http://www.ut-x.net/View-document-details/296-Linux-Server-1.3-HOTFIX-09192008.html
Fixed in games-server/ut2004-ded-3369.3 Fixed the "Dedicated" server (ucc-bin) in games-fps/ut2004-3369.3. I'm not sure if the "Listen" server in the game binary (ut2004-bin) is affected as no patch was provided.
Thanks, everyone. GLSA vote: no.
GLSA Vote: no, too. closing.
