Re: CVE request for OpenTTD

[Josh Bressers <bressers () redhat com>]

----- Original Message -----
> Hello folks,
>
> the OpenTTD team and contributors have discovered several security
> vulnerabilities in OpenTTD. Please be so kind to allocate a CVE id for
> each of the issues detailed below:
>
> 1.) Denial of service via improperly validated commands
>
> In multiple places in-game commands are not properly validated that allow
> remote attackers to cause a denial of service (crash) and possibly
> execute arbitrary code via unspecified vectors.
>
> Vulnerability is present since 0.3.5 and will be fixed in the upcoming
> 1.1.3 release. Issue report at http://bugs.openttd.org/task/4745

Use CVE-2011-3341 for the above.

> 2.) Buffer overflows in savegame loading
>
> In multiple places indices in savegames are not properly validated that
> allow (remote) attackers to cause a denial of service (crash) and
> possibly execute arbitrary code via unspecified vectors.
>
> Vulnerability is present since 0.1.0 and will be fixed in the upcoming
> 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4717 and
> http://bugs.openttd.org/task/4748

Use CVE-2011-3342 for the above.

> 3.) Multiple buffer overflows in validation of external data
>
> In multiple places external data from the local file system isn't
> properly checked before allocating memory, which could lead to buffer
> overflows and arbitrary code execution.
>
> Vulnerability is present since 0.3.4 and will be fixed in the upcoming
> 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4746 and
> http://bugs.openttd.org/task/4747

Use CVE-2011-3343 for the above.

Thanks.

-- 
    JB