Date:      Mon, 2 Dec 2013 13:48:40 GMT
From:      "rum1cro@yandex.ru" <rum1cro@yandex.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/184434: [patch] security/vuxml openttd: Denial of service (server) using forcefully crashed aircrafts.
Message-ID:  <201312021348.rB2Dmece020908@oldred.freebsd.org>
Resent-Message-ID: <201312021350.rB2Do0Se047523@freefall.freebsd.org>


>Number:         184434
>Category:       ports
>Synopsis:       [patch] security/vuxml openttd: Denial of service (server) using forcefully crashed aircrafts.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 02 13:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     rum1cro@yandex.ru
>Release:        FreeBSD 11.0-CURRENT
>Organization:
Home Inc. ^_^
>Environment:
FreeBSD m1cro.park 11.0-CURRENT FreeBSD 11.0-CURRENT #3 r256311M: Fri Oct 11 13:38:42 MSK 2013     root@m1cro.park:/usr/obj/usr/src/sys/MICROKERNEL  amd64

>Description:
[patch] security/vuxml openttd: Denial of service (server) using forcefully crashed aircrafts.
>How-To-Repeat:

>Fix:
Patch is attached, or available here: http://m1cro.tk/ports/security/vuxml/vuxml_openttd-1.3.3.patch

Patch attached with submission follows:

Index: vuln.xml
===================================================================
--- vuln.xml	(revision 335482)
+++ vuln.xml	(working copy)
@@ -51,6 +51,39 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="d2073237-5b52-11e3-80f7-c86000cbc6ec">
+    <topic>openttd -- Denial of service using forcefully crashed aircrafts</topic>
+    <affects>
+      <package>
+	<name>openttd</name>
+	<range><ge>0.3.6</ge><lt>1.3.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>OpenTTD reports:</p>
+	<blockquote cite="https://security.openttd.org/en/CVE-2013-6411">;
+	  <p>The problem is caused by incorrectly handling the fact that
+	    the aircraft circling the corner airport will be outside of the bounds
+	    of the map. In the 'out of fuel' crash code the height of the tile
+	    under the aircraft is determined. In this case that means a tile
+	    outside of the allocated map array, which could occasionally
+	    trigger invalid reads.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6411</cvename>
+      <url>https://security.openttd.org/en/CVE-2013-6411</url>;
+      <url>http://bugs.openttd.org/task/5820</url>;
+      <url>http://vcs.openttd.org/svn/changeset/26134</url>;
+    </references>
+    <dates>
+      <discovery>2013-11-28</discovery>
+      <entry>2013-11-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
     <topic>monitorix -- serious bug in the built-in HTTP server</topic>
     <affects>
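Review bot: the `<entry>` date in the new `<dates>` block is 2013-11-28, the same as `<discovery>`, but this submission is dated 2 Dec 2013 and the diff is against an uncommitted working copy, so the entry could not have been in vuln.xml on that day. Set `<entry>` to the date the entry is actually committed, so that tools and readers tracking when the advisory was published see the right day. Two smaller points: the `<topic>` reads "crashed aircrafts", where "aircraft" is the plural; and the `;` following the closing `>` on the `<body>`, `<blockquote>` and `<url>` lines also appears on the unchanged `<vuxml xmlns=...>` context line, which suggests it comes from the archive rendering, but it is worth confirming against the attached file, since a stray `;` there would end up as text in the XML.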


>Release-Note:
>Audit-Trail:
>Unformatted:


