Bug 735841 (CVE-2011-3341, CVE-2011-3342, CVE-2011-3343) - CVE-2011-3341 CVE-2011-3342 CVE-2011-3343 Security update available (in testing) for openttd
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3341, CVE-2011-3342, CVE-2011-3343
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 736178
Blocks:
 
Reported: 2011-09-05 16:54 UTC by Bruno Wolff III
Modified: 2019-09-29 12:47 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-20 15:11:56 UTC
Embargoed:



Description Bruno Wolff III 2011-09-05 16:54:20 UTC
Description of problem:
The following archive entry describes the issue:
http://www.openwall.com/lists/oss-security/2011/09/02/4
OpenTTD 1.1.3-RC1 is available now.



Comment 1 Vincent Danen 2011-09-06 22:16:02 UTC
The following are the specifics of the vulnerabilities reported:

1.) Denial of service via improperly validated commands (CVE-2011-3341):

In multiple places, in-game commands are not properly validated, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.3.5 and will be fixed in the upcoming 1.1.3 release. Issue report at http://bugs.openttd.org/task/4745

2.) Buffer overflows in savegame loading (CVE-2011-3342):

In multiple places, indices in savegames are not properly validated, which allows (remote) attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.1.0 and will be fixed in the upcoming 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4717 and http://bugs.openttd.org/task/4748

3.) Multiple buffer overflows in validation of external data (CVE-2011-3343):

In multiple places external data from the local file system isn't properly checked before allocating memory, which could lead to buffer overflows and arbitrary code execution.

Vulnerability is present since 0.3.4 and will be fixed in the upcoming 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4746 and http://bugs.openttd.org/task/4747

Comment 2 Vincent Danen 2011-09-06 22:20:16 UTC
Created openttd tracking bugs for this issue

Affects: fedora-all [bug 736178]

Comment 3 Felix Kaechele 2011-09-07 07:59:56 UTC
Working on it.

Comment 4 Vincent Danen 2011-09-20 15:11:56 UTC
Fedora updates have been released:

openttd-1.1.3-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc16

openttd-1.1.3-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc15

openttd-1.1.3-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc14

