Joined: 12 May 2004
|Posted: Mon Sep 05, 2005 4:32 pm Post subject: [ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities
|Gentoo Linux Security Advisory
Title: OpenTTD: Format string vulnerabilities (GLSA 200509-03)
Date: September 05, 2005
Updated: May 22, 2006
OpenTTD is vulnerable to format string vulnerabilities which may result in remote execution of arbitrary code.
OpenTTD is an open source clone of the simulation game "Transport Tycoon Deluxe" by Microprose.
Vulnerable: < 0.4.0.1-r1
Unaffected: >= 0.4.0.1-r1
Architectures: All supported architectures
Alexey Dobriyan discovered several format string vulnerabilities in OpenTTD.
A remote attacker could exploit these vulnerabilities to crash the OpenTTD server or client and possibly execute arbitrary code with the rights of the user running OpenTTD.
There are no known workarounds at this time.
All OpenTTD users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.0.1-r1"
Last edited by GLSA on Mon May 22, 2006 4:19 am; edited 2 times in total