OpenTTD texteff.c Remote Overflow

2005-09-06T04:49:13
ID OSVDB:19624
Type osvdb
Reporter Alexey Dobriyan()
Modified 2005-09-06T04:49:13

Description

Vulnerability Description

A remote overflow exists in texteff.c. The OpenTTD file fails to filter input sent to the texteff.c program resulting in a an overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.

Solution Description

Upgrade to version 4.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in texteff.c. The OpenTTD file fails to filter input sent to the texteff.c program resulting in a an overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.

References:

Vendor URL: http://www.openttd.com/ Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=102631 Security Tracker: 1014855 Secunia Advisory ID:16697 Secunia Advisory ID:16696 Related OSVDB ID: 19620 Related OSVDB ID: 19621 Related OSVDB ID: 19622 Related OSVDB ID: 19623 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200509-03.xml FrSIRT Advisory: ADV-2005-1640 CVE-2005-2764