Hi,

Just as a matter of information, crossfire has lots of places potentially allowing execution of arbitrary code using unchecked-length strings. Fortunately, those are for the most part not exploitable, as they are not a direct consequence of client data. However, this does not mean they must not be fixed. As a developer of crossfire, my position is: crossfire has lots of potential security issues and should always be run in a chrooted environment to limit the risks to the crossfire account.

Regards,
David Delbecq

Andrew Fuchs wrote:
>Umm, was this the flaw I discovered, or is it a new one?
>
>---------- Forwarded message ----------
>From: Thierry Carrez <[EMAIL PROTECTED]>
>Date: Apr 22, 2006 4:12 PM
>Subject: [gentoo-announce] [ GLSA 200604-11 ] Crossfire server: Denial
>of Service and potential arbitrary code execution
>To: [email protected]
>Cc: [email protected], [email protected],
>[EMAIL PROTECTED]
>
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Gentoo Linux Security Advisory                           GLSA 200604-11
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                                            http://security.gentoo.org/
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>  Severity: High
>     Title: Crossfire server: Denial of Service and potential arbitrary
>            code execution
>      Date: April 22, 2006
>      Bugs: #126169
>        ID: 200604-11
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>Synopsis
>========
>
>The Crossfire game server is vulnerable to a Denial of Service and
>potentially to the execution of arbitrary code.
>
>Background
>==========
>
>Crossfire is a cooperative multiplayer graphical adventure and
>role-playing game. The Crossfire game server allows various compatible
>clients to connect to participate in a cooperative game.
>
>Affected packages
>=================
>
>    -------------------------------------------------------------------
>     Package                       /  Vulnerable  /          Unaffected
>    -------------------------------------------------------------------
>  1  games-server/crossfire-server       < 1.9.0                >= 1.9.0
>
>Description
>===========
>
>Luigi Auriemma discovered a vulnerability in the Crossfire game server,
>in the handling of the "oldsocketmode" option when processing overly
>large requests.
>
>Impact
>======
>
>An attacker can set up a malicious Crossfire client that would send a
>large request in "oldsocketmode", resulting in a Denial of Service on
>the Crossfire server and potentially in the execution of arbitrary code
>on the server with the rights of the game server.
>
>Workaround
>==========
>
>There is no known workaround at this time.
>
>Resolution
>==========
>
>All Crossfire server users should upgrade to the latest version:
>
>    # emerge --sync
>    # emerge --ask --oneshot --verbose
>">=games-server/crossfire-server-1.9.0"
>
>References
>==========
>
>  [ 1 ] CVE-2006-1010
>        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1010
>
>Availability
>============
>
>This GLSA and any updates to it are available for viewing at
>the Gentoo Security Website:
>
>  http://security.gentoo.org/glsa/glsa-200604-11.xml
>
>Concerns?
>=========
>
>Security is a primary focus of Gentoo Linux and ensuring the
>confidentiality and security of our users machines is of utmost
>importance to us. Any security concerns should be addressed to
>[EMAIL PROTECTED] or alternatively, you may file a bug at
>http://bugs.gentoo.org.
>
>License
>=======
>
>Copyright 2006 Gentoo Foundation, Inc; referenced text
>belongs to its owner(s).
>
>The contents of this document are licensed under the
>Creative Commons - Attribution / Share Alike license.
>
>http://creativecommons.org/licenses/by-sa/2.0
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>crossfire mailing list
>[email protected]
>http://mailman.metalforge.org/mailman/listinfo/crossfire

