Package: bzflag-server Severity: important Tags: security | The callsigns used by the clients are not checked or re-delimited by | the server so is possible for a client to pass a callsign with no NULL | bytes at its end causing problems (crash) to the server during the | handling of this string. | On both Linux and Windows for x86 (using the precompiled packages) I | have reached the server crash without problems but is possible that in | some configurations the crash could happen after many tries or also | never, depending by how the memory is handled on that platform. | | The bug can be exploited also versus password protected servers without | knowing the right keyword.
Please see http://aluigi.altervista.org/adv/bzflagboom-adv.txt for details. It's been fixed upstream in 2.0.5. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
