Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200802-02 ] Doomsday: Multiple vulnerabilities
Date: Wed, 06 Feb 2008 22:15:00
Message-Id: 47AA317B.8010508@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200802-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Doomsday: Multiple vulnerabilities
      Date: February 06, 2008
      Bugs: #190835
        ID: 200802-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Doomsday might allow remote execution of
arbitrary code or a Denial of Service.

Background
==========

The Doomsday Engine (deng) is a modern gaming engine for popular ID
games like Doom, Heretic and Hexen.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  games-fps/doomsday      <= 1.9.0-beta5.2               Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
    -------------------------------------------------------------------
     NOTE: Packages marked with asterisks require manual intervention!

Description
===========

Luigi Auriemma discovered multiple buffer overflows in the
D_NetPlayerEvent() function, the Msg_Write() function and the
NetSv_ReadCommands() function. He also discovered errors when handling
chat messages that are not NULL-terminated (CVE-2007-4642) or contain a
short data length, triggering an integer underflow (CVE-2007-4643).
Furthermore, a format string vulnerability was discovered in the
Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages
(CVE-2007-4644).

Impact
======

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Doomsday server
or cause a Denial of Service by sending specially crafted messages to
the server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

While some of these issues could be resolved in
"games-fps/doomsday-1.9.0-beta5.2", the format string vulnerability
(CVE-2007-4644) remains unfixed. We recommend that users unmerge
Doomsday:

    # emerge --unmerge games-fps/doomsday

References
==========

  [ 1 ] CVE-2007-4642
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4642
  [ 2 ] CVE-2007-4643
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4643
  [ 3 ] CVE-2007-4644
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4644

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200802-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHqjF7uhJ+ozIKI5gRAhBoAJwJf5VhVqjQ/FosloXMiYJnIWB5ywCfcRoE
wVygvXTV0xLQODqI+mqt09U=
=2Jl2
-----END PGP SIGNATURE-----
--
gentoo-announce@l.g.o mailing list
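
Added example, not part of the advisory and not Doomsday source code: the checks a network text handler needs against the three bug classes named in the Description section (a short declared length that underflows, text that is not terminated by the sender, and remote text used as a format string). The packet layout, CHAT_MAX, chat_parse() and console_format() are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  3u   /* assumed layout: type(1) + total length(2, big-endian) */
#define CHAT_MAX 64u  /* capacity of the destination text buffer, incl. NUL */

/* Copies the chat text of one received packet into out[CHAT_MAX].
 * Returns the text length, or -1 if the packet is rejected. */
int chat_parse(const uint8_t *pkt, size_t pkt_len, char out[CHAT_MAX])
{
    if (pkt_len < HDR_LEN)
        return -1;                        /* header not even present */
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    /* A declared length below HDR_LEN would make (declared - HDR_LEN)
     * wrap to a huge unsigned value: the integer underflow case. */
    if (declared < HDR_LEN || declared > pkt_len)
        return -1;
    size_t text_len = declared - HDR_LEN;
    if (text_len >= CHAT_MAX)
        return -1;                        /* would overflow out[] */
    memcpy(out, pkt + HDR_LEN, text_len);
    out[text_len] = '\0';                 /* sender is not trusted to terminate */
    return (int)text_len;
}

/* Formats remote text for the console. The remote bytes are only ever an
 * argument to "%s", never the format string itself. */
int console_format(char *dst, size_t dst_cap, const char *remote_text)
{
    return snprintf(dst, dst_cap, "%s", remote_text);
}

int main(void)
{
    /* Constructed packets, not captured traffic. */
    const uint8_t ok[]   = { 0x01, 0x00, 0x08, 'h', 'i', '%', 's', '!' };
    const uint8_t shrt[] = { 0x01, 0x00, 0x01, 'A', 'A' }; /* length < header */
    char text[CHAT_MAX], line[CHAT_MAX];

    printf("ok:    %d\n", chat_parse(ok, sizeof ok, text));
    console_format(line, sizeof line, text);
    printf("shown: %s\n", line);
    printf("short: %d\n", chat_parse(shrt, sizeof shrt, text));
    return 0;
}
```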