Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 02 Sep 2011 23:04:18 +0200
From: Michael Lutz <michi+openttd@...sahedron.de>
To: oss-security@...ts.openwall.com
CC: rubidium@...nttd.org
Subject: CVE request for OpenTTD

Hello folks,

the OpenTTD team and contributors have discovered several security
vulnerabilities in OpenTTD. Please be so kind to allocate a CVE id for
each of the issues detailed below:

1.) Denial of service via improperly validated commands

In multiple places in-game commands are not properly validated that allow
remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via unspecified vectors.

Vulnerability is present since 0.3.5 and will be fixed in the upcoming
1.1.3 release. Issue report at http://bugs.openttd.org/task/4745

2.) Buffer overflows in savegame loading

In multiple places indices in savegames are not properly validated that
allow (remote) attackers to cause a denial of service (crash) and possibly
execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.1.0 and will be fixed in the upcoming
1.1.3 release. Issue reports at http://bugs.openttd.org/task/4717 and
http://bugs.openttd.org/task/4748

3.) Multiple buffer overflows in validation of external data

In multiple places external data from the local file system isn't properly
checked before allocating memory, which could lead to buffer overflows and
arbitrary code execution.

Vulnerability is present since 0.3.4 and will be fixed in the upcoming
1.1.3 release. Issue reports at http://bugs.openttd.org/task/4746 and
http://bugs.openttd.org/task/4747


Once the CVE ids are allocated, each issue will be fully documented at
http://security.openttd.org/en/CVE-2011-xxxx

Thanks,
Michael Lutz

[Please CC me, I'm not subscribed.]


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ