Date: Mon, 09 Jan 2012 11:48:15 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for OpenTTD

On 01/07/2012 08:13 AM, Rubidium wrote:
> Hi folks,
>
> we, the OpenTTD developers, have identified a security vulnerability in
> OpenTTD (an open source game with multiplayer). Would you be so kind
> as to allocate a CVE id for this issue?
>
> The issue concerns a denial of service vulnerability in the form of a
> slow read attack preventing anyone from joining the server, and preventing
> the continuation of a game when 'pause on join' is enabled. This
> attack requires the attacker to be authorized, but most servers do not
> implement authorization. The first vulnerable version is 0.3.5, the
> upcoming 1.1.5 release will have the issue fixed.
>
> Once a CVE id is allocated, the issue and fix will be documented at
> http://security.openttd.org/CVE-2012-xxxx
>
> Thanks in advance,
> Remko 'Rubidium' Bijker
>
> (Please CC me, I'm not subscribed)

Need more information like a code commit to link to.

--
Kurt Seifried / Red Hat Security Response Team