[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request for OpenTTD
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-11-29 8:01:42
Message-ID: 529849E6.2040805 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/28/2013 01:10 PM, Rubidium wrote:
> Hello folks,
>
> the OpenTTD team and contributors have discovered several a
> security vulnerability in OpenTTD. Please be so kind to allocate a
> CVE id for the issues detailed below:
>
> Denial of service (server) using forcefully crashed aircrafts
>
> A missing validation allows remote attackers to cause a denial of
> service (crash) by forcefully crashing aircraft near the corner of
> the map. This triggers a corner case where data outside of the
> allocated map array is accessed.
>
> A test case, and simple guide how to reproduce it can be found in
> the issue in our bug tracker at http://bugs.openttd.org/task/5820
>
> Vulnerability is present since 0.3.6 and will be fixed in the
> upcoming 1.3.3 release.
>
> Once the CVE id is allocated, the issue will be fully documented
> at http://security.openttd.org/en/CVE-2013-xxxx
>
> Thanks, Remko 'Rubidium' Bijker
>
> [Please CC me, I'm not subscribed.]
>
Please use CVE-2013-6411 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBAgAGBQJSmEnmAAoJEBYNRVNeJnmTbHkP/A5u/0Rl0hNzgBfzn3Q7mSw/
CknymiSbZXxgviIZ/oWmzWqyD1pDTSes2gIy7bpzm/+YrEGxpu4JV89x7NSpnB3C
LGGQT8T+pkDd+kqui0DDwBo20EHotEMiWrUbXWnnNIoSsGnQAKirpaqOrznds+dx
rfPrMmMTs6nix7Jk4ePA0sIRmy0Z+zuqDQ+fRzmVf9igrFo1M1HAQz5CRnXE3Yab
b83ak4LRwP0+SxHnL+QNJbtKQtysFbVIkMNIDSDcfU0OdoOZbP7uTd09VqvOo5Gq
CGrgTgIL4z8XRlIcKEf1tnPE/TbhJqf8wzydkrmZWX3l8qmwqktE2rMEFyiJ9zF2
bav1ws+BIvzE9OKea2ggQFhxPFoi/0/uhvyIG+fzAYVdtfHXHOyL0mXfBn43Orli
2COYejCsKbu96q5xl3+9TwxsxNgXGX8faON+drgpIrLwQ6/+tOJtjlhW46JrlvyT
dxOnD2F9dnZhoJLWbWTJvPLNVqq83Y16gcShaPH0vvatsi/QJveCaPG1ZA564UH7
4quPhMT6FCntHgH8ZClb6eAb4b1oR5oAfiVyTI50Ev+p+09wQ6xNdEPFMdQe5i+6
MChMCfs0csZGjAeW5OBdOYGXIdgK7mP8SqvDLn9SGgIwdr9WWQsIXvoekIbyj7W8
62hHhiEw3be2U1LXGS5+
=rX1U
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic