Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Dec 2012 09:13:44 -0500 (EST)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or
 excessive CPU consumption) via malformed network packets

Hello Kurt, Steve, vendors,

  Freeciv upstream has released 2.3.3 version correcting one
security issue:

A denial of service flaw was found in the way the server component
of Freeciv, a turn-based, multi-player, X based strategy game,
processed certain packets (invalid packets with whole packet length
lower than packet header size or syntactically valid packets, but
whose processing would lead to an infinite loop). A remote attacker
could send a specially-crafted packet that, when processed would lead
to freeciv server to terminate (due to memory exhaustion) or become
unresponsive (due to excessive CPU use).

References:
[1] http://aluigi.altervista.org/adv/freecivet-adv.txt
[2] https://bugs.gentoo.org/show_bug.cgi?id=447490
[3] http://freeciv.wikia.com/wiki/NEWS-2.3.3
[4] https://bugzilla.redhat.com/show_bug.cgi?id=888331

Upstream bug report:
[5] http://gna.org/bugs/?20003

Relevant patch (against trunk):
[6] http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ