Bug#770514: teeworlds: security vulnerability (Memory reads, Segmentation Fault)
James Cowgill
james410 at cowgill.org.uk
Fri Nov 21 22:40:55 UTC 2014
On Fri, 2014-11-21 at 22:42 +0100, Markus Koschany wrote:
> Hi,
>
> yesterday the developers of Teeworld announced a security
> vulnerability in Teeworld's server for the complete 0.6.x series. That
> means stable is also affected.
>
> https://www.teeworlds.com/?page=news&id=11200
This is the patch for the security issue from
https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85
- Originally from https://github.com/heinrich5991/teeworlds/commit/51af0b8548ec4974724f24386b35db8fef242ee3
The bug seems to be that "Offset" is a remote attacker controlled
variable which isn't validated properly (it could be negative). Offset
is then used as an index to a memory read and the data is sent back to
the attacker.
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fixed-a-server-crash.patch
Type: text/x-patch
Size: 784 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20141121/906c2f55/attachment.bin>
More information about the Pkg-games-devel
mailing list