GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Jan 11, 2009 7:26 pm Post subject: [ GLSA 200901-06 ] Tremulous: User-assisted execution of arb
Gentoo Linux Security Advisory
Title: Tremulous: User-assisted execution of arbitrary code (GLSA 200901-06)
Severity: normal
Exploitable: remote
Date: January 11, 2009
Bug(s): #222119
ID: 200901-06
Synopsis
A buffer overflow vulnerability has been discovered in Tremulous.
Background
Tremulous is a team-based First Person Shooter game.
Affected Packages
Package: games-fps/tremulous
Vulnerable: < 1.1.0-r2
Unaffected: >= 1.1.0-r2
Architectures: All supported architectures
Package: games-fps/tremulous-bin
Vulnerable: < 1.1.0
Architectures: All supported architectures
Description
It has been reported that Tremulous includes a vulnerable version of
the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236).
Impact
A remote attacker could entice a user to connect to a malicious games
server, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
Tremulous users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/tremulous-1.1.0-r2"
Note: The binary version of Tremulous has been removed from the Portage
tree.
References
CVE-2006-2236
GLSA 200605-12
Last edited by GLSA on Mon Jun 10, 2013 4:29 am; edited 3 times in total