Bug 192983 - CVE-2006-2575 Remote termination security issue
Product: Fedora
Classification: Fedora
Component: netpanzer
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Hugo Cisneiros
QA Contact: Fedora Extras Quality Assurance
Reported: 2006-05-24 12:48 EDT by Jason Tibbitts
Modified: 2007-11-30 17:11 EST
Fixed In Version: 0.8-4
Doc Type: Bug Fix
Last Closed: 2006-06-14 09:17:29 EDT

Attachments
Patch fixing this CVE (1.32 KB, patch)
2006-06-06 14:16 EDT, Hans de Goede
Description Jason Tibbitts 2006-05-24 12:48:54 EDT
The netPanzer server is subject to a DoS; it can be made to crash remotely.

Versions 0.8 and lower are vulnerable.


A CVE has not yet been assigned for this issue.
Comment 1 James Kosin 2006-05-24 13:11:58 EDT
I'm not sure if I'd call a game that terminates unexpectedly a security risk.

But, to fix we should probably find out what values for FrameNum are acceptable 
and who is causing the problem to fail the ASSERT().
Comment 2 Jason Tibbitts 2006-05-24 13:17:49 EDT
(In reply to comment #1)
> I'm not sure if I'd call a game that terminates unexpectedly a security risk.

Any less than we'd call a web server that terminates unexpectedly a security
risk?  But hey, if folks want to agree that we don't add remote termination
issues for "noncritical" applications (along with a definition of just what is
considered noncritical) then I'll abide by that.  Does the perception change if
a CVE is issued?
Comment 3 Hugo Cisneiros 2006-05-24 17:37:04 EDT
Any fixes would be good to include. I'm currently watching this issue, as I am 
not a good programmer, I can't look at the source code at the time. However 
I'll try to make some efforts on this. If you have any updates, tell me. 
Regarding bug #192990, I'll look, make a patch from svn and update the 
release. Thanks for the attention.
Comment 4 Hans de Goede 2006-06-06 14:16:18 EDT
Created attachment 130628 [details]
Patch fixing this CVE

Since no-one else was doing it I've taken a look at this, with as a result the
attached patch which fixes this.

I confirmed the crash with the exploit given in the URL above, and checked that
it no longer crashes with this patch.

I however did not check if this influences play in any way, someone who actually
plays the game should test this, especially the flag selection for a player.
Although I believe that there should be no influence.


What's going on with getting the fix for the other vulnerability from SVN?
Comment 5 Hugo Cisneiros 2006-06-14 09:17:29 EDT
Package fixed. Closing. Thanks!
