Richard Stanway posted on QuakeDev Forums page:
  [1] http://www.quakedev.com/forums/index.php?topic=53.0

two new vulnerabilities also affecting code present in Alien Arena (from [1]):

A, "Multiple auto downloading DoS conditions:
    By supplying various invalid parameters to the download command, it is
    possible to cause a DoS condition by causing the server to crash. A path
    ending in . or / will crash on Linux. Supplying a negative offset will
    cause a crash on all platforms."

Proposed patch:
----------------
  [2] http://corent.proboards.com/index.cgi?action=gotopost&board=bugreport&thread=4761&post=44624

Public PoC:
-----------
  [3] http://corent.proboards.com/index.cgi?action=gotopost&board=bugreport&thread=4761&post=44611
  => cmd download maps/tca-zion.bsp -123456789

CVSSv2 Score: 4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
-------------

B, "Server-side cvar expansion:
    By passing an unexpanded string containing $macros to the server, the
    server will expand it using its cvars. This can be used to leak sensitive
    information such as the rcon_password cvar."

Proposed patch:
---------------
  NA

Public PoC:
-----------
  [4] http://www.quakedev.com/forums/index.php?topic=53.0
  => At the client console: "say $rcon_password"

CVSSv2 Score: 4.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
-------------

References:
-----------
  [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575621

CVE Request:
------------
  [6] http://www.openwall.com/lists/oss-security/2010/03/29/3
These issues affect the versions of the alienarena package as shipped with Fedora releases 11 and 12. Please fix (once the patch for the second issue is available).
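The argument checks that issue A calls for, shown as an added example; this is not code from the report, from Richard Stanway's proposed patch, or from Alien Arena. The function name download_args_ok, its parameters, and the sample requests are hypothetical, and refusing offsets past the end of the file goes beyond the two conditions the report lists.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Alien Arena code): returns 1 if the arguments of
 * a client "download <path> [offset]" request are safe to act on, else 0.
 * file_len is the size of the requested file as found by the server. */
int download_args_ok(const char *path, const char *offset_arg, long file_len)
{
    size_t n;
    char *end;
    long offset;

    if (path == NULL || (n = strlen(path)) == 0)
        return 0;
    /* Issue A, part 1: refuse a path ending in '.' or '/' before opening it. */
    if (path[n - 1] == '.' || path[n - 1] == '/')
        return 0;
    if (offset_arg == NULL)          /* offset omitted: start at byte 0 */
        return 1;
    /* Issue A, part 2: parse strictly so garbage and overflow are rejected. */
    errno = 0;
    offset = strtol(offset_arg, &end, 10);
    if (end == offset_arg || *end != '\0' || errno == ERANGE)
        return 0;
    /* Negative offsets are the crash in the report; offsets past the end of
     * the file are refused as well (added assumption). */
    if (offset < 0 || offset > file_len)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed requests; file_len = 4096 is a made-up size. */
    static const char *req[][2] = {
        { "maps/tca-zion.bsp", "0" },
        { "maps/tca-zion.bsp", "-123456789" },
        { "maps/", NULL },
        { "maps/tca-zion.bsp.", NULL },
        { "maps/tca-zion.bsp", "4097" },
    };
    size_t i;
    for (i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%-20s %-11s -> %s\n", req[i][0],
               req[i][1] ? req[i][1] : "(none)",
               download_args_ok(req[i][0], req[i][1], 4096) ? "accept" : "reject");
    return 0;
}
```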
Reply from Richard Stanway regarding the proposed fix: [7] http://www.openwall.com/lists/oss-security/2010/03/29/5
Cmd_TokenizeString (s, false) is used in alienarena's sv_user.c, so the second issue does not appear to be applicable.
alienarena-7.32-3.fc12.2 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/alienarena-7.32-3.fc12.2
alienarena-7.32-3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/alienarena-7.32-3.fc11
alienarena-7.33-2.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/alienarena-7.33-2.fc13
alienarena-7.32-3.fc12.2 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
alienarena-7.32-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
alienarena-7.33-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
This is CVE-2010-3439