Re: CVE request for OpenTTD

[frosch <frosch () openttd org>]

> > > On 07/27/2012 03:42 PM, frosch wrote:
> > > > Hello,
> > > >
> > > > we, the OpenTTD developers, have identified a security 
> > > > vulnerability in OpenTTD (an open source game with
> > > > multiplayer). Would you be so kind as to allocate a CVE id for
> > > > this issue?
> > > >
> > > > The issue concerns a denial of service vulnerabilty which
> > > > enables an attacker to force the server into an invalid game
> > > > state. The server will abort upon detecting this state. This
> > > > attack can be performed using an unmodified client via normal
> > > > game interaction. The attack requires authorization, but most
> > > > servers do not implement authorization. The first vulnerable
> > > > version is 0.6.0, the upcoming 1.2.2 release will have the
> > > > issue fixed.
> > > >
> > > > Once a CVE id is allocated, the issue and fix will be
> > > > documented at http://security.openttd.org/CVE-2012-xxxx
> > > >
> > > > Thanks in advance, Christoph 'frosch' Elsenhans
> > > >
> > > > (Please CC me, I'm not subscribed)
> > >
> > > Sorry can you please provide links to an advisory, code commit,
> > > or something so we have a reference?
> > trunk commit: http://vcs.openttd.org/svn/changeset/24439/ Bug
> > report: http://bugs.openttd.org/task/5254
> >
> > Later on http://security.openttd.org/CVE-2012-xxxx will supply
> > patches for all vulnerable versions, and also link to the bug
> > tracker and related commits.
> >
> > Regards
>
> Perfect, thanks. Please use CVE-2012-3436 for this issue.
>
> P.S. with respect to "In some cases ships could be covered with land."
> couldn't the ship sail into a cave or over hanging cliff? ;)

The detailed description is now public on
http://security.openttd.org/CVE-2012-3436

Note that both the problem description and patches have been updated
to cover a second case of this bug, so if you downloaded the patches
before 2012-07-31 16:00 UTC, please download them again.