Date: Mon, 09 Jan 2012 11:48:15 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for OpenTTD

On 01/07/2012 08:13 AM, Rubidium wrote:
> Hi folks,
>
> we, the OpenTTD developers, have identified a security vulnerability in
> OpenTTD (an open source game with multiplayer). Would you be so kind
> as to allocate a CVE id for this issue?
>
> The issue concerns a denial of service vulnerability in the form of a
> slow read attack preventing anyone from joining the server, and preventing
> the continuation of a game when 'pause on join' is enabled. This
> attack requires the attacker to be authorized, but most servers do not
> implement authorization. The first vulnerable version is 0.3.5, the
> upcoming 1.1.5 release will have the issue fixed.
>
> Once a CVE id is allocated, the issue and fix will be documented at
> http://security.openttd.org/CVE-2012-xxxx
>
> Thanks in advance,
> Remko 'Rubidium' Bijker
>
> (Please CC me, I'm not subscribed)
Need more information like a code commit to link to.

-- Kurt Seifried / Red Hat Security Response Team
