Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 397679 - <games-sports/torcs-1.3.3: acc Buffer Overflow Vulnerability (CVE-2011-4620)
Summary: <games-sports/torcs-1.3.3: acc Buffer Overflow Vulnerability (CVE-2011-4620)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://torcs.sourceforge.net/index.ph...
Whiteboard: B2 [noglsa]
Keywords:
: 399895 405487 (view as bug list)
Depends on: 398743 415909
Blocks:
  Show dependency tree
 
Reported: 2012-01-04 19:47 UTC by KinG-InFeT
Modified: 2016-03-22 10:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
exploit public (exploit,2.82 KB, text/plain)
2012-01-04 19:47 UTC, KinG-InFeT
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description KinG-InFeT 2012-01-04 19:47:36 UTC
There is this storm overflow vulnerability torcs.

Exploit attached.

Reproducible: Always
Comment 1 KinG-InFeT 2012-01-04 19:47:53 UTC
Created attachment 297963 [details]
exploit public
Comment 2 Agostino Sarubbo gentoo-dev 2012-01-04 19:55:31 UTC
@games, can you check if there is a fix for it? TIA
Comment 3 KinG-InFeT 2012-01-04 19:57:51 UTC
the exploit has just come out so I can not even tell you
Comment 4 Mr. Bones. (RETIRED) gentoo-dev 2012-01-04 20:36:45 UTC
So if you can modify the data in /usr/share/games you can run code as whatever user runs the games that read that data?  News at 11.

How is this interesting?
Comment 5 Agostino Sarubbo gentoo-dev 2012-01-04 22:27:23 UTC
anyway is fixed in TORCS-1.3.2-test2
Comment 6 KinG-InFeT 2012-01-09 19:29:54 UTC
Here we talk about the bug and there is also a patch to fix the bug.

http://sourceforge.net/mailarchive/forum.php?set=custom&viewmonth=&viewday=&forum_name=torcs-devel&style=nested&max_rows=25&submit=Change+View
Comment 7 KinG-InFeT 2012-01-23 20:51:27 UTC
update a new version: https://bugs.gentoo.org/show_bug.cgi?id=399895
Comment 8 Agostino Sarubbo gentoo-dev 2012-01-23 21:40:28 UTC
*** Bug 399895 has been marked as a duplicate of this bug. ***
Comment 9 KinG-InFeT 2012-01-31 23:09:28 UTC
because you have not yet updated the ebuild?
Comment 10 KinG-InFeT 2012-02-06 20:40:37 UTC
a bug left, expects progress from version 1.3.1 to 1.3.2 ebuild for safety tests.
Comment 11 KinG-InFeT 2012-02-08 22:11:56 UTC
Version 1.3.2 is also bugged by buffer overflow:
http://www.1337day.com/exploits/17500?utm_source=dlvr.it&utm_medium=twitter
Comment 12 Mr. Bones. (RETIRED) gentoo-dev 2012-02-23 21:18:47 UTC
*** Bug 405487 has been marked as a duplicate of this bug. ***
Comment 13 KinG-InFeT 2012-02-24 17:08:03 UTC
from the changelog you can see that the bug has been fixed

> Fixed another possible buffer overflow reported by Andres Gomez (Andres, Bernhard).

 you must upgrade it to version 1.3.3 as soon as possible, using a dump and delete the old ebuild vulnerable.
Comment 14 KinG-InFeT 2012-03-23 08:15:45 UTC
added the links for 1.3.3 version and changelog.

I testing on x86 plathform torcs v1.3.3
Comment 15 KinG-InFeT 2012-04-28 11:34:23 UTC
version bump (1.3.3) requirement!!!!
Comment 16 KinG-InFeT 2012-06-03 19:40:47 UTC
UP
Comment 17 Julian Ospald 2012-12-14 22:58:02 UTC
updated to 1.3.4
Comment 18 Tim Sammut (RETIRED) gentoo-dev 2013-01-03 00:50:32 UTC
(In reply to comment #17)
> updated to 1.3.4

Thank you, Julian. Do we know if 1.3.4 fixes this issue?
Comment 19 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-21 04:16:19 UTC
1.3.6 is in the tree.  unable to locate any relevant information to confirm this vulnerability is fixed.  If no one else has anything I will close this soon
Comment 20 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-21 04:22:45 UTC
Confirmed bug was fixed in 1.3.3.  

http://www.vuxml.org/freebsd/ba51c2f7-5b43-11e1-8288-00262d5ed8ee.html

Additional information:

http://plugins.openvas.org/nasl.php?oid=71167
Comment 21 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-22 10:29:09 UTC
No vote on a very old bug.