'Re: [oss-security] CVE request for OpenTTD'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request for OpenTTD
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-11-29 8:01:42
Message-ID: 529849E6.2040805 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2013 01:10 PM, Rubidium wrote:
> Hello folks,
> 
> the OpenTTD team and contributors have discovered several a
> security vulnerability in OpenTTD. Please be so kind to allocate a
> CVE id for the issues detailed below:
> 
> Denial of service (server) using forcefully crashed aircrafts
> 
> A missing validation allows remote attackers to cause a denial of 
> service (crash) by forcefully crashing aircraft near the corner of
> the map. This triggers a corner case where data outside of the
> allocated map array is accessed.
> 
> A test case, and simple guide how to reproduce it can be found in
> the issue in our bug tracker at http://bugs.openttd.org/task/5820
> 
> Vulnerability is present since 0.3.6 and will be fixed in the
> upcoming 1.3.3 release.
> 
> Once the CVE id is allocated, the issue will be fully documented
> at http://security.openttd.org/en/CVE-2013-xxxx
> 
> Thanks, Remko 'Rubidium' Bijker
> 
> [Please CC me, I'm not subscribed.]
> 

Please use CVE-2013-6411 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSmEnmAAoJEBYNRVNeJnmTbHkP/A5u/0Rl0hNzgBfzn3Q7mSw/
CknymiSbZXxgviIZ/oWmzWqyD1pDTSes2gIy7bpzm/+YrEGxpu4JV89x7NSpnB3C
LGGQT8T+pkDd+kqui0DDwBo20EHotEMiWrUbXWnnNIoSsGnQAKirpaqOrznds+dx
rfPrMmMTs6nix7Jk4ePA0sIRmy0Z+zuqDQ+fRzmVf9igrFo1M1HAQz5CRnXE3Yab
b83ak4LRwP0+SxHnL+QNJbtKQtysFbVIkMNIDSDcfU0OdoOZbP7uTd09VqvOo5Gq
CGrgTgIL4z8XRlIcKEf1tnPE/TbhJqf8wzydkrmZWX3l8qmwqktE2rMEFyiJ9zF2
bav1ws+BIvzE9OKea2ggQFhxPFoi/0/uhvyIG+fzAYVdtfHXHOyL0mXfBn43Orli
2COYejCsKbu96q5xl3+9TwxsxNgXGX8faON+drgpIrLwQ6/+tOJtjlhW46JrlvyT
dxOnD2F9dnZhoJLWbWTJvPLNVqq83Y16gcShaPH0vvatsi/QJveCaPG1ZA564UH7
4quPhMT6FCntHgH8ZClb6eAb4b1oR5oAfiVyTI50Ev+p+09wQ6xNdEPFMdQe5i+6
MChMCfs0csZGjAeW5OBdOYGXIdgK7mP8SqvDLn9SGgIwdr9WWQsIXvoekIbyj7W8
62hHhiEw3be2U1LXGS5+
=rX1U
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic