Bug#780178: armagetronad: several security vulnerabilities and network packets can terminate the connection

[Markus Koschany]

Source: armagetronad
Version: 0.2.8.3.2-1
Severity: serious
Tags: security

A new version of ArmagetronAD was released a few days ago which fixes
primarily possible security vulnerabilities and crashes.

>From the release notes:

"The practically exploitable bug that was fixed was an error in the
network error handling. In client mode, any received packet that
causes an exception during processing would terminate the connection
to the server. Regular game clients are usually well protected by a
NAT router that would not let such packets from attackers through.
Game servers are only vulnerable during the brief period while they
are communicating with the master servers, and the effect then is that
the server will not advertise itself.

Another theoretically exploitable bug was that very short UDP packets
would cause a read beyond the input buffer. The same buffer as last
time, embarrasingly, but this time off the other end and with maximum
offset 2."

I have talked to upstream who provided a minimal patch which I intend
to apply. I think it should be fixed for Jessie and Wheezy since the
vulnerability is remotely exploitable.

Regards,

Markus