Bug#442075: CVE-2007-4754 format string vulnerability, CVE-2007-4755 DoS
Nico Golde
nion at debian.org
Wed Sep 12 23:25:00 UTC 2007
Package: alien-arena
Version: 6.05-1
Severity: serious
Tags: security
Hi,
two CVEs had been issued against alien-arena:
CVE-2007-4754[0]:
Format string vulnerability in the safe_bprintf function in
acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier
allows remote attackers to cause a denial of service (daemon
crash) via format string specifiers in a nickname.
CVE-2007-4755[1]:
Alien Arena 2007 6.10 and earlier allows remote attackers to
cause a denial of service (client disconnect) by sending a
client_connect command in a forged packet from the server to
a client. NOTE: client IP addresses are available via
product-specific queries.
If you fix this issue please include the CVE id in your
changelog.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4754
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4755
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
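
The bug class behind CVE-2007-4754, as an added C example that is not Alien Arena's code and not part of the original report: the nickname must be passed as data to a constant format string, never as the format itself. The names broadcast, announce_join_safe, announce_join_unsafe and nick_has_format_specifier are hypothetical, and the nickname is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style helper (not the game's safe_bprintf). The format
 * attribute lets GCC/Clang check call sites against the format string. */
static int broadcast(char *out, size_t outlen, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int broadcast(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);  /* bounded; NUL-terminated if outlen > 0 */
    va_end(ap);
    return n;
}

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern: client-supplied text is used AS the format string, so
 * any conversion specifier in it makes vsnprintf read arguments that were
 * never passed. Build with -DSHOW_VULNERABLE -Wformat-security to see the
 * compiler flag this call. */
static int announce_join_unsafe(char *out, size_t outlen, const char *nick)
{
    return broadcast(out, outlen, nick);
}
#endif

/* Hardened pattern: constant format, nickname passed only as data. */
static int announce_join_safe(char *out, size_t outlen, const char *nick)
{
    return broadcast(out, outlen, "%s joined the game", nick);
}

/* Cheap server-side check for logging or rejecting suspicious nicknames. */
static int nick_has_format_specifier(const char *nick)
{
    return strchr(nick, '%') != NULL;
}

int main(void)
{
    char line[64];
    const char *nick = "Pla%syer%n";      /* constructed sample input */

    announce_join_safe(line, sizeof line, nick);
    printf("%s (flagged=%d)\n", line, nick_has_format_specifier(nick));
    return 0;
}
```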