oss-sec mailing list archives
Re: CVE request for OpenTTD
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 29 Nov 2013 01:01:42 -0700
On 11/28/2013 01:10 PM, Rubidium wrote:
Hello folks,

the OpenTTD team and contributors have discovered a security vulnerability in OpenTTD. Please be so kind to allocate a CVE id for the issues detailed below:

Denial of service (server) using forcefully crashed aircraft

A missing validation allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed.

A test case and a simple guide on how to reproduce it can be found in the issue in our bug tracker at http://bugs.openttd.org/task/5820

Vulnerability is present since 0.3.6 and will be fixed in the upcoming 1.3.3 release.

Once the CVE id is allocated, the issue will be fully documented at http://security.openttd.org/en/CVE-2013-xxxx

Thanks,
Remko 'Rubidium' Bijker

[Please CC me, I'm not subscribed.]
Please use CVE-2013-6411 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
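
Added example, not part of the original thread and not OpenTTD's code: a simplified C model of a flat row-major map array, showing why an unvalidated neighbour lookup at the far corner of the map leaves the allocation and how validating each coordinate prevents it. The 8x8 map size and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 8x8 map; size and names are hypothetical, not OpenTTD's. */
enum { MAP_W = 8, MAP_H = 8, MAP_SIZE = MAP_W * MAP_H };
static uint8_t map_tiles[MAP_SIZE];

/* Flat row-major index, computed as signed so negative offsets stay negative. */
long flat_index(int x, int y) { return (long)y * MAP_W + x; }

/* Weak check: only asks whether the flat index lies inside the array.
 * An x one past the east edge still passes, because it aliases the
 * first tile of the next row. Only at the far corner does it fail. */
bool index_only_valid(int x, int y)
{
    long i = flat_index(x, y);
    return i >= 0 && i < MAP_SIZE;
}

/* Correct check: validate each coordinate before forming the index. */
bool coords_valid(int x, int y)
{
    return x >= 0 && x < MAP_W && y >= 0 && y < MAP_H;
}

/* Checked neighbour read: returns false and leaves *out untouched when
 * the offset tile is off the map, so the caller has to handle that case. */
bool read_neighbour(int x, int y, int dx, int dy, uint8_t *out)
{
    int nx = x + dx, ny = y + dy;
    if (!coords_valid(nx, ny))
        return false;
    *out = map_tiles[flat_index(nx, ny)];
    return true;
}

int main(void)
{
    uint8_t tile = 0;
    /* East edge, middle row: index check passes but the tile is wrong. */
    printf("east edge:  index-only=%d coords=%d\n",
           index_only_valid(MAP_W, 3), coords_valid(MAP_W, 3));
    /* Far corner: the flat index equals MAP_SIZE, one past the array. */
    printf("far corner: flat index=%ld, checked read ok=%d\n",
           flat_index(MAP_W, MAP_H - 1),
           read_neighbour(MAP_W - 1, MAP_H - 1, 1, 0, &tile));
    return 0;
}
```
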