Full Disclosure mailing list archives
[ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities
From: Thierry Carrez <koon () gentoo org>
Date: Tue, 15 Nov 2005 13:42:58 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200511-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Scorched 3D: Multiple vulnerabilities Date: November 15, 2005 Bugs: #111421 ID: 200511-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Scorched 3D allow a remote attacker to deny service or execute arbitrary code on game servers. Background ========== Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding features like a 3D island environment and Internet multiplayer capabilities. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-strategy/scorched3d <= 39.1 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Description =========== Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several buffer overflows. Impact ====== A remote attacker can exploit these vulnerabilities to crash a game server or execute arbitrary code with the rights of the game server user. Users not running a Scorched 3D game server are not affected by these flaws. Workaround ========== There is no known workaround at this time. Resolution ========== The Scorched 3D package has been hard-masked until a new version correcting these flaws is released. In the meantime, current users are advised to unmerge the package: # emerge --unmerge games-strategy/scorched3d References ========== [ 1 ] Original advisory http://seclists.org/lists/fulldisclosure/2005/Nov/0079.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200511-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities Thierry Carrez (Nov 15)