漏洞信息详情
OpenTTD 'train_cmd.cpp' NormaliseTrainConsist函数未明漏洞
- CNNVD编号:CNNVD-200912-359
- 危害等级: 中危
- CVE编号: CVE-2009-4007
- 漏洞类型: 资料不足
- 发布时间: 2009-12-28
- 威胁类型: 远程
- 更新时间: 2009-12-29
- 厂 商: openttd
- 漏洞来源:
漏洞简介
OpenTTD中的src/train_cmd.cpp中的NormaliseTrainConsist函数存在未明漏洞,远程攻击者可以借助包含wagon 和dual-headed 引擎的game特制操作,引起一个拒绝服务(daemon崩溃)。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
OpenTTD OpenTTD 0.7
OpenTTD openttd-0.7.5-linux-generic-amd64.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -amd64.tar.gz
OpenTTD openttd-0.7.5-linux-generic-i686.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -i686.tar.gz
OpenTTD OpenTTD 0.4 .0.1
OpenTTD openttd-0.7.5-linux-generic-amd64.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -amd64.tar.gz
OpenTTD openttd-0.7.5-linux-generic-i686.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -i686.tar.gz
OpenTTD OpenTTD 0.4.7
OpenTTD openttd-0.7.5-linux-generic-amd64.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -amd64.tar.gz
OpenTTD openttd-0.7.5-linux-generic-i686.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -i686.tar.gz
OpenTTD OpenTTD 0.6.1
OpenTTD openttd-0.7.5-linux-generic-amd64.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -amd64.tar.gz
OpenTTD openttd-0.7.5-linux-generic-i686.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -i686.tar.gz
OpenTTD OpenTTD 0.6.2
OpenTTD openttd-0.7.5-linux-generic-amd64.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -amd64.tar.gz
OpenTTD openttd-0.7.5-linux-generic-i686.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -i686.tar.gz
OpenTTD OpenTTD 0.7.4
OpenTTD openttd-0.7.5-linux-generic-amd64.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -amd64.tar.gz
OpenTTD openttd-0.7.5-linux-generic-i686.tar.gz
http://binaries.openttd.org/releases/0.7.5/openttd-0.7.5-linux-generic -i686.tar.gz
参考网址
来源: www.openttd.org
链接:http://www.openttd.org/en/news/112
来源: VUPEN
名称: ADV-2009-3645
链接:http://www.vupen.com/english/advisories/2009/3645
来源: BID
名称: 37487
链接:http://www.securityfocus.com/bid/37487
来源: MLIST
名称: [oss-security] 20091224 OpenTTD remote DoS
链接:http://www.openwall.com/lists/oss-security/2009/12/24/1
来源: vcs.openttd.org
链接:http://vcs.openttd.org/svn/changeset/18462/trunk/src/train_cmd.cpp
来源: SECUNIA
名称: 37929
链接:http://secunia.com/advisories/37929
来源: OSVDB
名称: 61356
链接:http://osvdb.org/61356
来源: binaries.openttd.org
链接:http://binaries.openttd.org/releases/0.7.5/changelog.txt
受影响实体
- Openttd Openttd:0.7.4
- Openttd Openttd:0.6.2:Rc2
- Openttd Openttd:0.6.2:Rc1
- Openttd Openttd:0.6.0:Rc1
- Openttd Openttd:0.6.0:Beta3
补丁
暂无
评论