oss-sec mailing list archives
CVE Request -- alienarena - 7.31
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 23 Oct 2009 10:57:21 +0200
Hello Steve, vendors, remotely exploitable buffer overflow flaw by processing specially-crafted UDP reply from game server (leading to arbitrary code execution) was fixed in latest upstream alienarena-7.31 release. References: ----------- http://www.ngssoftware.com/brochures/Anonymous.Remote.Arbitrary.Code.Execution.in.Alien.Arena.pdf (More descriptive issue details) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552038 (Original source) http://icculus.org/alienarena/changelogs/7.31.txt (Revisions 1390 and 1391). Upstream patch: --------------- http://svn.icculus.org/alienarena/trunk/source/client/menu.c?r1=1383&r2=1391 (Merged change of 1390 and 1391) Could you allocate a CVE identifier? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- alienarena - 7.31 Jan Lieskovsky (Oct 23)
- Re: CVE Request -- alienarena - 7.31 Josh Bressers (Oct 23)