Bug 492876 (CVE-2013-6411) - <games-simulation/openttd-1.3.3: Forced Aircraft Crash Denial of Service Vulnerability (CVE-2013-6411)
Alias: CVE-2013-6411
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on: 493094
Reported: 2013-11-29 16:50 UTC by Agostino Sarubbo
Modified: 2014-07-07 16:40 UTC
Description Agostino Sarubbo gentoo-dev 2013-11-29 16:50:51 UTC
From ${URL} :


A vulnerability has been reported in OpenTTD, which can be exploited by malicious people to cause a
DoS (Denial of Service).

The vulnerability is caused due to an error within the "HandleCrashedAircraft()" function
(aircraft_cmd.cpp) and can be exploited to cause a crash of the server when aircraft are forced to crash
outside the bounds of a map.

The vulnerability is reported in versions 0.3.6 through 0.5.3, 0.6.0 through 0.7.3, 1.0.0 through 1.1.5, 
and 1.2.0 through 1.3.2.

Apply patch or update to version 1.3.3 when available.

Further details available to Secunia VIM customers

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-12-21 01:39:42 UTC
CVE-2013-6411 (
  The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6
  through 1.3.2 allows remote attackers to cause a denial of service
  (out-of-bounds read and crash) by crashing an aircraft outside of the map.
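
A minimal model of the bug class named in the CVE text above (a map lookup driven by a vehicle position that lies outside the map), added here as an illustration; it is not OpenTTD's code or its patch. The map layout, constants and function names are assumptions, and the positions are constructed sample values.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical model, not OpenTTD code: a map stored as a flat tile array,
// with vehicle positions in sub-tile units (TILE_UNITS units per tile).
constexpr int TILE_UNITS = 16;
constexpr int MAP_SIZE_X = 64;
constexpr int MAP_SIZE_Y = 64;

struct Map {
    std::vector<uint8_t> tiles = std::vector<uint8_t>(MAP_SIZE_X * MAP_SIZE_Y, 0);
};

// Unsafe pattern: turns any position into an index without asking whether the
// position is on the map. A caller would go on to read tiles[index].
long tile_index_unchecked(int x, int y) {
    return static_cast<long>(y / TILE_UNITS) * MAP_SIZE_X + (x / TILE_UNITS);
}

// Range check on the finished index; see (-40,40) below for why it is not enough.
bool index_in_map(long index) {
    return index >= 0 && index < static_cast<long>(MAP_SIZE_X) * MAP_SIZE_Y;
}

// Hardened pattern: validate the coordinates before indexing. Off-map
// positions return false and leave *out untouched, so the caller must handle them.
bool tile_at(const Map &map, int x, int y, uint8_t *out) {
    if (x < 0 || y < 0) return false;
    const int tx = x / TILE_UNITS, ty = y / TILE_UNITS;
    if (tx >= MAP_SIZE_X || ty >= MAP_SIZE_Y) return false;
    *out = map.tiles[static_cast<std::size_t>(ty) * MAP_SIZE_X + tx];
    return true;
}

int main() {
    Map map;
    // Constructed positions: on the map, left of it (twice), and below it.
    const int pos[][2] = {{100, 100}, {-40, 8}, {-40, 40}, {100, MAP_SIZE_Y * TILE_UNITS + 5}};
    for (const auto &p : pos) {
        const long idx = tile_index_unchecked(p[0], p[1]);
        uint8_t tile = 0;
        std::printf("(%d,%d): unchecked index %ld (%s), checked lookup %s\n", p[0], p[1], idx,
                    index_in_map(idx) ? "in range" : "out of range",
                    tile_at(map, p[0], p[1], &tile) ? "ok" : "rejected");
    }
    return 0;
}
```

The position (-40,40) yields an unchecked index that is inside the array but belongs to a different row, so the coordinates have to be validated rather than the finished index.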
Comment 2 Sergey Popov gentoo-dev 2014-01-06 22:28:41 UTC
Ok, stabilization and cleanup are done.

GLSA vote: yes
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-06-19 01:40:51 UTC
GLSA Vote: Yes
Created a New GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-07-07 16:40:54 UTC
This issue was resolved and addressed in
 GLSA 201407-01 at
by GLSA coordinator Mikle Kolyada (Zlogene).