Lucene search
HistorySep 08, 2011 - 6:55 p.m.
CVE-2011-3341
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
High
0.034 Low
EPSS
Percentile
91.4%
Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.
Affected configurations
Node
openttdopenttdRange≤1.1.2
ORopenttdopenttdMatch0.1.1
ORopenttdopenttdMatch0.1.2
ORopenttdopenttdMatch0.1.3
ORopenttdopenttdMatch0.1.4
ORopenttdopenttdMatch0.2.0
ORopenttdopenttdMatch0.2.1
ORopenttdopenttdMatch0.3.0
ORopenttdopenttdMatch0.3.1
ORopenttdopenttdMatch0.3.2
ORopenttdopenttdMatch0.3.2.1
ORopenttdopenttdMatch0.3.3
ORopenttdopenttdMatch0.3.4
ORopenttdopenttdMatch0.3.5
ORopenttdopenttdMatch0.3.6
ORopenttdopenttdMatch0.3.7
ORopenttdopenttdMatch0.4.0
ORopenttdopenttdMatch0.4.0.1
ORopenttdopenttdMatch0.4.5
ORopenttdopenttdMatch0.4.6
ORopenttdopenttdMatch0.4.7
ORopenttdopenttdMatch0.4.8
ORopenttdopenttdMatch0.4.8rc1
ORopenttdopenttdMatch0.4.8rc2
ORopenttdopenttdMatch0.5.0
ORopenttdopenttdMatch0.5.0rc1
ORopenttdopenttdMatch0.5.0rc2
ORopenttdopenttdMatch0.5.0rc3
ORopenttdopenttdMatch0.5.0rc4
ORopenttdopenttdMatch0.5.0rc5
ORopenttdopenttdMatch0.5.1
ORopenttdopenttdMatch0.5.1rc1
ORopenttdopenttdMatch0.5.1rc2
ORopenttdopenttdMatch0.5.1rc3
ORopenttdopenttdMatch0.5.2
ORopenttdopenttdMatch0.5.2rc1
ORopenttdopenttdMatch0.5.3
ORopenttdopenttdMatch0.5.3rc1
ORopenttdopenttdMatch0.5.3rc2
ORopenttdopenttdMatch0.5.3rc3
ORopenttdopenttdMatch0.6.0
ORopenttdopenttdMatch0.6.0beta1
ORopenttdopenttdMatch0.6.0beta2
ORopenttdopenttdMatch0.6.0beta3
ORopenttdopenttdMatch0.6.0beta4
ORopenttdopenttdMatch0.6.0beta5
ORopenttdopenttdMatch0.6.0rc1
ORopenttdopenttdMatch0.6.1
ORopenttdopenttdMatch0.6.1rc1
ORopenttdopenttdMatch0.6.1rc2
ORopenttdopenttdMatch0.6.2
ORopenttdopenttdMatch0.6.2rc1
ORopenttdopenttdMatch0.6.2rc2
ORopenttdopenttdMatch0.6.3
ORopenttdopenttdMatch0.6.3rc1
ORopenttdopenttdMatch0.7.0
ORopenttdopenttdMatch0.7.0beta1
ORopenttdopenttdMatch0.7.0beta2
ORopenttdopenttdMatch0.7.0rc1
ORopenttdopenttdMatch0.7.0rc2
ORopenttdopenttdMatch0.7.1
ORopenttdopenttdMatch0.7.1rc1
ORopenttdopenttdMatch0.7.1rc2
ORopenttdopenttdMatch0.7.1rc3
ORopenttdopenttdMatch0.7.2
ORopenttdopenttdMatch0.7.2rc1
ORopenttdopenttdMatch0.7.2rc2
ORopenttdopenttdMatch0.7.3
ORopenttdopenttdMatch0.7.3rc1
ORopenttdopenttdMatch0.7.3rc2
ORopenttdopenttdMatch0.7.4
ORopenttdopenttdMatch0.7.4rc1
ORopenttdopenttdMatch0.7.5
ORopenttdopenttdMatch0.7.5rc1
ORopenttdopenttdMatch1.0.0
ORopenttdopenttdMatch1.0.0beta1
ORopenttdopenttdMatch1.0.0beta2
ORopenttdopenttdMatch1.0.0beta3
ORopenttdopenttdMatch1.0.0beta4
ORopenttdopenttdMatch1.0.0rc1
ORopenttdopenttdMatch1.0.0rc2
ORopenttdopenttdMatch1.0.0rc3
ORopenttdopenttdMatch1.0.1
ORopenttdopenttdMatch1.0.1rc1
ORopenttdopenttdMatch1.0.1rc2
ORopenttdopenttdMatch1.0.2
ORopenttdopenttdMatch1.0.2rc1
ORopenttdopenttdMatch1.0.3
ORopenttdopenttdMatch1.0.3rc1
ORopenttdopenttdMatch1.0.4
ORopenttdopenttdMatch1.0.4rc1
ORopenttdopenttdMatch1.0.5
ORopenttdopenttdMatch1.0.5rc1
ORopenttdopenttdMatch1.0.5rc2
ORopenttdopenttdMatch1.1.0
ORopenttdopenttdMatch1.1.0beta1
ORopenttdopenttdMatch1.1.0beta2
ORopenttdopenttdMatch1.1.0beta3
ORopenttdopenttdMatch1.1.0beta4
ORopenttdopenttdMatch1.1.0beta5
ORopenttdopenttdMatch1.1.0rc1
ORopenttdopenttdMatch1.1.0rc2
ORopenttdopenttdMatch1.1.0rc3
ORopenttdopenttdMatch1.1.1
ORopenttdopenttdMatch1.1.1rc1
ORopenttdopenttdMatch1.1.2rc1
ORopenttdopenttdMatch1.1.2rc2
References
bugs.openttd.org/task/4745
bugs.openttd.org/task/4745/getfile/7707/fixcmds.diff
lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html
openwall.com/lists/oss-security/2011/09/02/4
openwall.com/lists/oss-security/2011/09/06/2
secunia.com/advisories/46075
security.openttd.org/en/CVE-2011-3341
www.debian.org/security/2012/dsa-2386
www.securityfocus.com/bid/49439
Related
debiancve
debiancve
CVE-2011-3341
2011-09-08 18:55:01
prion
prion
Command injection
2011-09-08 18:55:00
cvelist
cvelist
CVE-2011-3341
2011-09-08 18:00:00
cve
cve
CVE-2011-3341
2011-09-08 18:55:01
freebsd
freebsd
OpenTTD -- Denial of service via improperly validated commands
2011-08-25 00:00:00
nessus
nessus
FreeBSD : OpenTTD -- Denial of service via improperly validated commands (e77befb5-f3f9-11e0-8b5c-b482fe3f522d)
2011-10-17 00:00:00
Fedora 16 : openttd-1.1.3-1.fc16 (2011-12945)
2011-10-03 00:00:00
Debian DSA-2386-1 : openttd - several vulnerabilities
2012-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2011-3341
2011-09-08 00:00:00
openvas
openvas
FreeBSD Ports: openttd
2012-02-13 00:00:00
FreeBSD Ports: openttd
2012-02-13 00:00:00
Debian Security Advisory DSA 2386-1 (openttd)
2012-02-11 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openttd-1.1.3-1.fc16
2011-09-30 19:28:00
[SECURITY] Fedora 15 Update: openttd-1.1.5-1.fc15
2012-01-28 03:26:10
[SECURITY] Fedora 14 Update: openttd-1.1.3-1.fc14
2011-09-19 22:58:48
debian
debian
[SECURITY] [DSA 2386-1] openttd security update
2012-01-11 20:57:32
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-01-21 00:00:00
[SECURITY] [DSA 2386-1] openttd security update
2012-01-21 00:00:00
[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities
2011-11-21 00:00:00
gentoo
gentoo
OpenTTD: Multiple vulnerabilities
2011-11-11 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
High
0.034 Low
EPSS
Percentile
91.4%
Related for NVD:CVE-2011-3341