DSA-127-1 xpilot-server -- remote buffer overflow

Debian Security Advisory

DSA-127-1 xpilot-server -- remote buffer overflow

Date Reported:

17 Apr 2002

Affected Packages:

xpilot

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 4534.
In Mitre's CVE dictionary: CVE-2002-0179.

More information:

An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running.

This has been fixed in upstream version 4.5.1 and version 4.1.0-4.U.4alpha2.4.potato1 of the Debian package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:

http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0.orig.tar.gz

Architecture-independent component:

http://security.debian.org/dists/stable/updates/main/binary-all/xpilot_4.1.0-4.U.4alpha2.4.potato1_all.deb

Alpha:

http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_alpha.deb

Intel IA-32:

http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_i386.deb

Motorola 680x0:

http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_m68k.deb

PowerPC:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb

Sun Sparc:

http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.