Date: Thu, 28 Nov 2013 21:10:53 +0100
From: Rubidium <rubidium@...nttd.org>
To: oss-security@...ts.openwall.com
Subject: CVE request for OpenTTD

Hello folks,

the OpenTTD team and contributors have discovered a security
vulnerability in OpenTTD. Please be so kind as to allocate a CVE id for
the issue detailed below:

Denial of service (server) using forcefully crashed aircraft

A missing validation allows remote attackers to cause a denial of 
service (crash) by forcefully crashing aircraft near the corner of the 
map. This triggers a corner case where data outside of the allocated map 
array is accessed.

A test case and a simple guide on how to reproduce it can be found in the 
issue in our bug tracker at http://bugs.openttd.org/task/5820

The vulnerability has been present since 0.3.6 and will be fixed in the
upcoming 1.3.3 release.

Once the CVE id is allocated, the issue will be fully documented at
http://security.openttd.org/en/CVE-2013-xxxx

Thanks,
Remko 'Rubidium' Bijker

[Please CC me, I'm not subscribed.]
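
The class of bug reported above (an offset applied to a tile near the map corner, with no validation, indexing outside the map array), shown as an added example that is not OpenTTD's code and is not part of the original message. The map layout, sizes and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flat tile map; names and sizes are assumptions, not OpenTTD's. */
enum { MAP_X = 64, MAP_Y = 64, MAP_TILES = MAP_X * MAP_Y };
static uint8_t map_height[MAP_TILES];

/* Unchecked neighbour lookup: near an edge or corner the result can be
 * negative, >= MAP_TILES, or a valid index in the wrong row. */
static long tile_add_unchecked(int x, int y, int dx, int dy)
{
    return ((long)y + dy) * MAP_X + ((long)x + dx);
}

/* Checked lookup: validate each coordinate before forming the index. */
static bool tile_add_checked(int x, int y, int dx, int dy, size_t *out)
{
    long nx = (long)x + dx, ny = (long)y + dy;
    if (nx < 0 || nx >= MAP_X || ny < 0 || ny >= MAP_Y) return false;
    *out = (size_t)ny * MAP_X + (size_t)nx;
    return true;
}

/* Flatten the tiles around an impact point, skipping off-map neighbours.
 * Returns how many tiles were actually touched. */
static int flatten_around(int x, int y, int radius)
{
    int touched = 0;
    for (int dy = -radius; dy <= radius; dy++) {
        for (int dx = -radius; dx <= radius; dx++) {
            size_t idx;
            if (!tile_add_checked(x, y, dx, dy, &idx)) continue;
            map_height[idx] = 0;
            touched++;
        }
    }
    return touched;
}

int main(void)
{
    printf("unchecked (63,63)+(1,1) -> %ld of %d tiles\n",
           tile_add_unchecked(63, 63, 1, 1), MAP_TILES);
    printf("checked corner radius 1 touches %d tiles\n", flatten_around(63, 63, 1));
    return 0;
}
```

Checking the flat index against the array size alone is not enough: an x offset at the east edge yields an in-range index that belongs to the next row, so each coordinate is validated separately.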
