OpenTTD network.c Format String

2005-09-06T04:49:13
ID OSVDB:19620
Type osvdb
Reporter Alexey Dobriyan()
Modified 2005-09-06T04:49:13

Description

Vulnerability Description

OpenTTD contains a flaw that may allow a malicious user to issue format commands to the network.c program. It is possible that the flaw may terminate the application (DoS) or execute commands, resulting in a loss of confidentiality, or availability.

Solution Description

Upgrade to version 4.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

OpenTTD contains a flaw that may allow a malicious user to issue format commands to the network.c program. It is possible that the flaw may terminate the application (DoS) or execute commands, resulting in a loss of confidentiality, or availability.

References:

Vendor URL: http://www.openttd.com/ Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=102631 Security Tracker: 1014855 Secunia Advisory ID:16697 Secunia Advisory ID:16696 Related OSVDB ID: 19621 Related OSVDB ID: 19622 Related OSVDB ID: 19623 Related OSVDB ID: 19624 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200509-03.xml FrSIRT Advisory: ADV-2005-1640 CVE-2005-2763