Bug#911487: teeworlds: remote DOS by forging connection packets
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 20 20:01:06 BST 2018
Hi,
On Sat, Oct 20, 2018 at 08:06:07PM +0200, Markus Koschany wrote:
> Package: teeworlds-server
> Version: 0.6.4+dfsg-1
> Severity: grave
> Tags: security
>
> It was discovered that a Teeworlds server could be made inaccessible
> by forging connection packets. This made it look like the server was
> always full thus access to the server was effectively denied. My own
> private server was recently affected by this. The only way to mitigate
> this attack is to change the server port. Apparently this issue was
> fixed in version 0.6.5.
For 0.6.5 the following two commits might be the relevant ones (not
found any further possibly releated):
https://github.com/teeworlds/teeworlds/commit/4c00063b2fd9c25998f3d308723e1ae65c20548d
https://github.com/teeworlds/teeworlds/commit/439483cef207f3e09f453c3406343a21eff7ba68
Is this correct?
Those two were reverted just after the 0.6.5 release apparently, to be
substituted with an alternative approach.
Was a CVE requested for this issue?
Regards,
Salvatore
More information about the Pkg-games-devel
mailing list