diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /metadata/glsa/glsa-200404-12.xml |
reinit the tree, so we can have metadata
Diffstat (limited to 'metadata/glsa/glsa-200404-12.xml')
-rw-r--r-- | metadata/glsa/glsa-200404-12.xml | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200404-12.xml b/metadata/glsa/glsa-200404-12.xml new file mode 100644 index 000000000000..d2d85a63c9e2 --- /dev/null +++ b/metadata/glsa/glsa-200404-12.xml @@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200404-12"> + <title>Scorched 3D server chat box format string vulnerability</title> + <synopsis> + Scorched 3D is vulnerable to a format string attack in the chat box that + leads to Denial of Service on the game server and possibly allows execution + of arbitrary code. + </synopsis> + <product type="ebuild">scorched3d</product> + <announced>2004-04-09</announced> + <revised>2004-04-09: 08</revised> + <bug>39302</bug> + <access>remote</access> + <affected> + <package name="games-strategy/scorched3d" auto="yes" arch="*"> + <unaffected range="ge">37</unaffected> + <vulnerable range="lt">37</vulnerable> + </package> + </affected> + <background> + <p> + Scorched 3D is a game based loosely on the classic DOS game "Scorched + Earth". Scorched 3D adds amongst other new features a 3D island + environment and LAN and internet play. Scorched 3D is totally free and is + available for multiple operating systems. + </p> + </background> + <description> + <p> + Scorched 3D (build 36.2 and before) does not properly check the text + entered in the Chat box (T key). Using format string characters, you can + generate a heap overflow. This and several other unchecked buffers have + been corrected in the build 37 release. + </p> + </description> + <impact type="high"> + <p> + This vulnerability can be easily exploited to remotely crash the Scorched + 3D server, disconnecting all clients. It could also theorically be used to + execute arbitrary code on the server with the rights of the user running + the server. + </p> + </impact> + <workaround> + <p> + A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. + </p> + </workaround> + <resolution> + <p> + Scorched 3D users should upgrade to version 37 or later: + </p> + <code> + # emerge sync + + # emerge -pv ">=games-strategy/scorched3d-37" + # emerge ">=games-strategy/scorched3d-37"</code> + </resolution> + <references> + </references> + <metadata tag="submitter"> + koon + </metadata> +</glsa> |