diff options
Diffstat (limited to 'metadata/glsa/glsa-200608-16.xml')
-rw-r--r-- | metadata/glsa/glsa-200608-16.xml | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200608-16.xml b/metadata/glsa/glsa-200608-16.xml new file mode 100644 index 000000000000..1026578764b2 --- /dev/null +++ b/metadata/glsa/glsa-200608-16.xml @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200608-16"> + <title>Warzone 2100 Resurrection: Multiple buffer overflows</title> + <synopsis> + Warzone 2100 Resurrection server and client are vulnerable to separate + buffer overflows, potentially allowing remote code execution. + </synopsis> + <product type="ebuild">warzone2100</product> + <announced>2006-08-10</announced> + <revised count="02">2006-09-04</revised> + <bug>142389</bug> + <access>remote</access> + <affected> + <package name="games-strategy/warzone2100" auto="yes" arch="*"> + <unaffected range="ge">2.0.4</unaffected> + <vulnerable range="le">2.0.3</vulnerable> + </package> + </affected> + <background> + <p> + Warzone 2100 Resurrection is a real-time strategy game, developed by + Pumpkin Studios and published by Eidos Interactive. + </p> + </background> + <description> + <p> + Luigi Auriemma discovered two buffer overflow vulnerabilities in + Warzone 2100 Resurrection. The recvTextMessage function of the Warzone + 2100 Resurrection server and the NETrecvFile function of the client use + insufficiently sized buffers. + </p> + </description> + <impact type="high"> + <p> + A remote attacker could exploit these vulnerabilities by sending + specially crafted input to the server, or enticing a user to load a + specially crafted file from a malicious server. This may result in the + execution of arbitrary code with the permissions of the user running + Warzone 2100 Resurrection. + </p> + </impact> + <workaround> + <p> + There is no known workaround for this issue. + </p> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Warzone 2100 Resurrection users should upgrade to the latest + version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-strategy/warzone2100-2.0.4"</code> + </resolution> + <references> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3849">CVE-2006-3849</uri> + </references> + <metadata tag="requester" timestamp="2006-08-07T07:47:59Z"> + jaervosz + </metadata> + <metadata tag="bugReady" timestamp="2006-08-07T07:48:19Z"> + jaervosz + </metadata> + <metadata tag="submitter" timestamp="2006-08-07T12:17:00Z"> + dizzutch + </metadata> +</glsa> |