1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200903-09 / openttd |
| Release Date | March 07, 2009 |
| Latest Revision | March 07, 2009: 01 |
| Impact | high |
| Exploitable | remote |

| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| --- | --- | --- | --- |
| games-simulation/openttd | < 0.6.3 | >= 0.6.3 | All supported architectures |

Related bugreports: #233929
Multiple buffer overflows in OpenTTD might allow for the execution of arbitrary code in the server.
OpenTTD is a clone of Transport Tycoon Deluxe.
Multiple buffer overflows have been reported in OpenTTD: when storing long client names (CVE-2008-3547), in the TruncateString function in src/gfx.cpp (CVE-2008-3576), and in src/openttd.cpp when processing a large filename supplied to the "-g" parameter in the ttd_main function (CVE-2008-3577).
An authenticated attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the OpenTTD server.
There is no known workaround at this time.
All OpenTTD users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.6.3"
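
To audit a package inventory against the affected range in the table above (< 0.6.3), the following added example flags entries that still need the upgrade. It is not part of the advisory and is not Portage code: `version_key`, `affected` and the sample inventory are hypothetical names and constructed data, and the comparison is a simplified version of Gentoo's version ordering.

```python
import re

# Affected range from the advisory table: games-simulation/openttd < 0.6.3
PACKAGE = "games-simulation/openttd"
FIXED = "0.6.3"

# Gentoo suffix order: _alpha < _beta < _pre < _rc < (no suffix) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$")
# One inventory line: category/name-version
ATOM_RE = re.compile(r"^(?P<cp>[\w+.-]+/[\w+.-]+?)-(?P<ver>\d[^-]*(?:-r\d+)?)$")


def version_key(version):
    """Map a Gentoo version string to a tuple that sorts in version order."""
    # Assumption: numeric components compare as plain integers, so the
    # leading-zero rule of Gentoo's full algorithm is ignored.
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError("unrecognised version: %r" % version)
    numbers, letter, suffixes, revision = m.groups()
    parts = [(SUFFIX_RANK[name], int(num or 0))
             for name, num in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    parts.append((0, 0))  # sentinel: "no suffix" sorts after _rc, before _p
    return (tuple(int(n) for n in numbers.split(".")), letter,
            tuple(parts), int(revision or 0))


def affected(installed):
    """Return the entries for PACKAGE whose version is below FIXED."""
    hits = []
    for line in installed:
        m = ATOM_RE.match(line.strip())
        if (m and m.group("cp") == PACKAGE
                and version_key(m.group("ver")) < version_key(FIXED)):
            hits.append(line.strip())
    return hits


# Constructed inventory lines (not taken from any real host)
SAMPLE = [
    "games-simulation/openttd-0.6.2", "games-simulation/openttd-0.6.3_rc1",
    "games-simulation/openttd-0.6.3", "games-simulation/openttd-0.6.3-r1",
    "games-simulation/openttd-0.6.10", "app-misc/example-0.6.2",
]
```

A release candidate such as `0.6.3_rc1` sorts below `0.6.3` and is therefore reported, while `0.6.10` is compared numerically and is not.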