300175 – (CVE-2009-4007) <games-simulation/openttd-0.7.5 Wagon/Dual headed engine (yay!) DoS (CVE-2009-4007)

Bug 300175 (CVE-2009-4007) - <games-simulation/openttd-0.7.5 Wagon/Dual headed engine (yay!) DoS (CVE-2009-4007)

Summary: <games-simulation/openttd-0.7.5 Wagon/Dual headed engine (yay!) DoS (CVE-2009...

Status:	RESOLVED FIXED

Alias:	CVE-2009-4007

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor
Assignee:	Gentoo Security

URL:	http://www.openttd.org/en/news/112
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:	300182
Blocks:
	Show dependency tree

Reported:	2010-01-08 16:12 UTC by Alex Legler (RETIRED)
Modified:	2010-08-01 13:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Legler (RETIRED) archtester

2010-01-08 16:12:35 UTC

CVE-2009-4007 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4007):
  Unspecified vulnerability in the NormaliseTrainConsist function in
  src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers
  to cause a denial of service (daemon crash) via certain game actions
  involving a wagon and a dual-headed engine.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-03-06 17:02:21 UTC

Hi games, can openttd go stable?

Comment 2 Denilson Sá Maia 2010-07-17 17:33:02 UTC

I think this bug can be closed... Current portage versions are 1.0.1 and 1.0.2

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2010-08-01 13:25:56 UTC

DOS in game -> closing noglsa.