Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request for OpenTTD
From: Josh Bressers <bressers () redhat com>
Date: Tue, 6 Sep 2011 16:45:53 -0400 (EDT)

----- Original Message -----
Hello folks,

the OpenTTD team and contributors have discovered several security
vulnerabilities in OpenTTD. Please be so kind to allocate a CVE id for
each of the issues detailed below:

1.) Denial of service via improperly validated commands

In multiple places in-game commands are not properly validated that allow
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.3.5 and will be fixed in the upcoming
1.1.3 release. Issue report at http://bugs.openttd.org/task/4745

Use CVE-2011-3341 for the above.


2.) Buffer overflows in savegame loading

In multiple places indices in savegames are not properly validated that
allow (remote) attackers to cause a denial of service (crash) and
possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.1.0 and will be fixed in the upcoming
1.1.3 release. Issue reports at http://bugs.openttd.org/task/4717 and
http://bugs.openttd.org/task/4748

Use CVE-2011-3342 for the above.


3.) Multiple buffer overflows in validation of external data

In multiple places external data from the local file system isn't
properly checked before allocating memory, which could lead to buffer
overflows and arbitrary code execution.

Vulnerability is present since 0.3.4 and will be fixed in the upcoming
1.1.3 release. Issue reports at http://bugs.openttd.org/task/4746 and
http://bugs.openttd.org/task/4747


Use CVE-2011-3343 for the above.

Thanks.

-- 
    JB


  By Date           By Thread  

Current thread:
  • Re: CVE request for OpenTTD Josh Bressers (Sep 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]