GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Sep 05, 2005 4:32 pm Post subject: [ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities
Gentoo Linux Security Advisory
Title: OpenTTD: Format string vulnerabilities (GLSA 200509-03)
Severity: high
Exploitable: remote
Date: September 05, 2005
Updated: May 22, 2006
Bug(s): #102631
ID: 200509-03
Synopsis
OpenTTD contains format string vulnerabilities which may result in remote execution of arbitrary code.
Background
OpenTTD is an open source clone of the simulation game "Transport Tycoon Deluxe" by Microprose.
Affected Packages
Package: games-simulation/openttd
Vulnerable: < 0.4.0.1-r1
Unaffected: >= 0.4.0.1-r1
Architectures: All supported architectures
Description
Alexey Dobriyan discovered several format string vulnerabilities in OpenTTD.
Impact
A remote attacker could exploit these vulnerabilities to crash the OpenTTD server or client and possibly execute arbitrary code with the rights of the user running OpenTTD.
Workaround
There are no known workarounds at this time.
Resolution
All OpenTTD users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.0.1-r1"
References
CAN-2005-2763
CVE-2005-2764
Last edited by GLSA on Mon May 22, 2006 4:19 am; edited 2 times in total