CVE-2012-0048
Published: 25 August 2012
OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.
Priority
Status
Package | Release | Status |
---|---|---|
openttd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(1.2.1-1)
|
|
raring |
Not vulnerable
(1.2.1-1)
|
|
saucy |
Not vulnerable
(1.2.1-1)
|
|
trusty |
Does not exist
(trusty was not-affected [1.2.1-1])
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(1.2.1-1)
|
|
vivid |
Not vulnerable
(1.2.1-1)
|
|
wily |
Not vulnerable
(1.2.1-1)
|
|
xenial |
Not vulnerable
(1.2.1-1)
|
|
yakkety |
Not vulnerable
(1.2.1-1)
|
|
zesty |
Not vulnerable
(1.2.1-1)
|
|
Patches: upstream: http://vcs.openttd.org/svn/changeset/23764 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0048
- http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303
- http://www.openwall.com/lists/oss-security/2012/01/13/8
- http://www.openwall.com/lists/oss-security/2012/01/07/2
- http://www.debian.org/security/2012/dsa-2524
- http://security.openttd.org/en/CVE-2012-0049
- http://secunia.com/advisories/50137
- NVD
- Launchpad
- Debian