Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 260956 (CVE-2006-6226) - dev-games/neoengine Multiple vulnerabilities (CVE-2006-{6226,6227})
Summary: dev-games/neoengine Multiple vulnerabilities (CVE-2006-{6226,6227})
Status: RESOLVED FIXED
Alias: CVE-2006-6226
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://aluigi.altervista.org/adv/neoe...
Whiteboard: ~1 [pmasked]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-02 16:06 UTC by Robert Buchholz (RETIRED)
Modified: 2013-10-03 04:41 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-02 16:06:30 UTC 
CVE-2006-6226 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6226):
  Multiple format string vulnerabilities in NeoEngine 0.8.2 and
  earlier, and CVS 3422, allow remote attackers to cause a denial of
  service and possibly execute arbitrary code via (1) Console::Render
  in neoengine/console.cpp and (2) TextArea::Render in
  neowtk/textarea.cpp.

CVE-2006-6227 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6227):
  The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and
  earlier, and CVS 3422, allow remote attackers to cause a denial of
  service (engine crash) via a message with a large uiMessageLength
  that produces a failed memory allocation and a null pointer
  dereference.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 02:36:33 UTC 
There appears to be no fix for this. Only rdep is neotools. I'm fine with p.mask or removal. @games: thoughts?
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2013-09-03 03:54:54 UTC 
it looks dead.  Go ahead and punt them both.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 04:06:17 UTC 
# Chris Reffett <creffett@gentoo.org> (03 Sep 2012)
# Dead upstream, outstanding security bug #260956.
# Masked for removal in 30 days.
dev-games/neoengine
dev-games/neotools
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-03 04:41:23 UTC 
Punted from tree.