teeworlds: CVE-2018-18541: remote denial-of-service

Debian Bug report logs - #911487
teeworlds: CVE-2018-18541: remote denial-of-service

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: teeworlds: remote DOS by forging connection packets

Date: Sat, 20 Oct 2018 20:06:07 +0200

Package: teeworlds-server
Version: 0.6.4+dfsg-1
Severity: grave
Tags: security

It was discovered that a Teeworlds server could be made inaccessible
by forging connection packets. This made it look like the server was
always full thus access to the server was effectively denied. My own
private server was recently affected by this. The only way to mitigate
this attack is to change the server port. Apparently this issue was
fixed in version 0.6.5.

Markus

Message #14 received at 911487@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Markus Koschany <apo@debian.org>, 911487@bugs.debian.org

Subject: Re: Bug#911487: teeworlds: remote DOS by forging connection packets

Date: Sat, 20 Oct 2018 21:01:06 +0200

Hi,

On Sat, Oct 20, 2018 at 08:06:07PM +0200, Markus Koschany wrote:
> Package: teeworlds-server
> Version: 0.6.4+dfsg-1
> Severity: grave
> Tags: security
> 
> It was discovered that a Teeworlds server could be made inaccessible
> by forging connection packets. This made it look like the server was
> always full thus access to the server was effectively denied. My own
> private server was recently affected by this. The only way to mitigate
> this attack is to change the server port. Apparently this issue was
> fixed in version 0.6.5.

For 0.6.5 the following two commits might be the relevant ones (not
found any further possibly releated):

https://github.com/teeworlds/teeworlds/commit/4c00063b2fd9c25998f3d308723e1ae65c20548d
https://github.com/teeworlds/teeworlds/commit/439483cef207f3e09f453c3406343a21eff7ba68

Is this correct?

Those two were reverted just after the 0.6.5 release apparently, to be
substituted with an alternative approach.

Was a CVE requested for this issue?

Regards,
Salvatore

Message #19 received at 911487@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 911487@bugs.debian.org

Subject: Re: Bug#911487: teeworlds: remote DOS by forging connection packets

Date: Sat, 20 Oct 2018 21:22:38 +0200

[Message part 1 (text/plain, inline)]

Hi,

Am 20.10.18 um 21:01 schrieb Salvatore Bonaccorso:
[...]
> For 0.6.5 the following two commits might be the relevant ones (not
> found any further possibly releated):
> 
> https://github.com/teeworlds/teeworlds/commit/4c00063b2fd9c25998f3d308723e1ae65c20548d
> https://github.com/teeworlds/teeworlds/commit/439483cef207f3e09f453c3406343a21eff7ba68
> 
> Is this correct?

Looks correct to me. I don't see any other commits between 0.6.4 and
0.6.5. that are related to this.

> Those two were reverted just after the 0.6.5 release apparently, to be
> substituted with an alternative approach.
> 
> Was a CVE requested for this issue?

I don't know. I have opened a new ticket here:

https://github.com/teeworlds/teeworlds/issues/1536

Regards,

Markus

[signature.asc (application/pgp-signature, attachment)]

Message #24 received at 911487@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 911487@bugs.debian.org

Subject: Re: Bug#911487: teeworlds: remote DOS by forging connection packets

Date: Sat, 20 Oct 2018 22:54:28 +0200

[Message part 1 (text/plain, inline)]

I have just requested a CVE id for this issue. Upstream clarified the
fixing commits. They are

https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f

https://github.com/teeworlds/teeworlds/commit/aababc63eeeee1bc41672502ca6c7a1dd9f61d94

https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e

Markus

[signature.asc (application/pgp-signature, attachment)]

Message #31 received at 911487@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: 911487@bugs.debian.org, 892351@bugs.debian.org

Subject: Re: Bug#911487: teeworlds: remote DOS by forging connection packets

Date: Thu, 25 Oct 2018 22:59:13 +0200

[Message part 1 (text/plain, inline)]

Control: owner -1 !

I'm currently working on updating Teeworlds to version 0.7.

Markus

[signature.asc (application/pgp-signature, attachment)]

Message #38 received at 911487-close@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: 911487-close@bugs.debian.org

Subject: Bug#911487: fixed in teeworlds 0.7.0-1

Date: Sat, 27 Oct 2018 15:16:58 +0000

Source: teeworlds
Source-Version: 0.7.0-1

We believe that the bug you reported is fixed in the latest version of
teeworlds, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911487@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated teeworlds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Oct 2018 12:11:25 +0200
Source: teeworlds
Binary: teeworlds teeworlds-server teeworlds-data
Architecture: source
Version: 0.7.0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 teeworlds  - online multi-player platform 2D shooter
 teeworlds-data - data for Teeworlds; an online multi-player platform 2D shooter
 teeworlds-server - server for Teeworlds; an online multi-player platform 2D shooter
Closes: 536107 892351 911487
Changes:
 teeworlds (0.7.0-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 0.7.0
     - No longer repack the tarball because it is DFSG-compliant.
     - However see README.source. We have to add maps and translations manually
       because network connections at build time are not allowed.
     - Fix CVE-2018-18541: remote denial-of-service vulnerability in
       teeworlds-server. (Closes: #911487)
     - Use pkg-config to detect libraries. (Closes: #892351)
   * Switch to compat level 11.
   * Declare compliance with Debian Policy 4.2.1.
   * Update debian/watch and track new releases on github.com.
   * Update debian/copyright for new release.
   * Rebase all patches for new release.
   * Switch from SDL 1 to SDL 2.
   * Use bam -t option for more verbosity.
   * Do not create debian.lua anymore.
   * Add portability.patch and don't make the build fail if we build on
     non-supported architectures.
   * Add builddir.patch and use a more predictable location for build output
     files.
   * Provide a systemd service file for teeworlds-server.
     Install a new teeworlds.service file but disable the server by default.
     Explain in README.Debian what steps are needed to run a server.
     (Closes: #536107)
Checksums-Sha1:
 9059d38924e6b74f76fe72b7ab06c62453ebc3d4 2401 teeworlds_0.7.0-1.dsc
 95505a7fc46e025db1cbbf84aa3c34430464fd77 7767344 teeworlds_0.7.0.orig.tar.xz
 03183d11fb90ad11f1c75ca52fce895ca4a2f75d 18744 teeworlds_0.7.0-1.debian.tar.xz
 5eb0adb3ce3ebf5b10e97e791d44fdec798941ba 12966 teeworlds_0.7.0-1_amd64.buildinfo
Checksums-Sha256:
 d52630cb76a677fd24217e7ee513ede65486823e076717f5ca671d50e021a741 2401 teeworlds_0.7.0-1.dsc
 b295a9232aec26e8491a96fe5cc7867dc13d19b8a075d428b1e922b2db6cb341 7767344 teeworlds_0.7.0.orig.tar.xz
 4f8e6e3c856b6beadc5305e199ee4cd0744383f4cc229120fe97828d74599b95 18744 teeworlds_0.7.0-1.debian.tar.xz
 747b25c3716a39e3b269c896e7170ff829f0085ea726fab03ed18c6cca40685d 12966 teeworlds_0.7.0-1_amd64.buildinfo
Files:
 563bfb7452cb3c2fe3d8996eaec57d2d 2401 games optional teeworlds_0.7.0-1.dsc
 9fba973d94dd29cdf911eec829aabfd7 7767344 games optional teeworlds_0.7.0.orig.tar.xz
 b783c83efb56e60a492cfde358785f4e 18744 games optional teeworlds_0.7.0-1.debian.tar.xz
 8e5ed6654463be1f3289934093527458 12966 games optional teeworlds_0.7.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvUcIVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk1v4QAKeUSuGLGgjbch5R28vizzPq9VXZxGKgNkER
50WikQMov9uNEE9zMDJnA5EHB9THpGouRopONpcDiYo3MJPl1tPysfWYbaVx3UYL
g0eR88Ss9V8oTr64vSfpmlUcDCr1gZ5Y7PWVkmCtvF6FXo1wTvWFL5kc9uJWqYuF
FladgPAzngjmbf9b8lvAo8u3jbMz4c+/K55urNjWFCC/Y+NuyPiHCSvRmrYjkfWx
lMb9BmlksxKJFYUPt3s7hNOIf8/nMlS+iWYR19A4hedn3UjhslmfDw4NluL54wvM
UJf+wvR8+ieLSuE2+FVAAGjSKSMDsSgc2z91/1RJKjFmA/0eP1W0NluSNiB7zYrx
xnygeAvrpYjHvuUrNF/BzNjf9JcwhYAMfEP2OYM7h45z46hBC03qtLLcwWuiL/XW
ZJDv/5F7kakGackeUUdjppoa+TLNRCe2w0vQTOeZnO9cswtQboyhTLl+vlOkY7D/
MXbWhdpn8+68w+XkFxnhiHUCYnt3rsjKGdNC3Dxj+dsVq+MnHwyxZ8YqeHnS2+WV
zmOlf93LqgIluKqhDuUURPGQHa5Z3i8jYe4r5feoHekx69CBUbH/okHv+a6v7gzx
IG60AGX5VvrHMV+hq0Y21yv245vd5TBh9G286IDjD1Mber/4azOWu+3nUwsaokPz
OUiU/a3Z
=bn6D
-----END PGP SIGNATURE-----

Message #43 received at 911487-close@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: 911487-close@bugs.debian.org

Subject: Bug#911487: fixed in teeworlds 0.6.5+dfsg-1~deb9u1

Date: Thu, 01 Nov 2018 19:56:22 +0000

Source: teeworlds
Source-Version: 0.6.5+dfsg-1~deb9u1

We believe that the bug you reported is fixed in the latest version of
teeworlds, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911487@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated teeworlds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Oct 2018 17:02:43 +0200
Source: teeworlds
Binary: teeworlds teeworlds-server teeworlds-data
Architecture: source all amd64
Version: 0.6.5+dfsg-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 teeworlds  - online multi-player platform 2D shooter
 teeworlds-data - data for Teeworlds; an online multi-player platform 2D shooter
 teeworlds-server - server for Teeworlds; an online multi-player platform 2D shooter
Closes: 911487
Changes:
 teeworlds (0.6.5+dfsg-1~deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * New upstream version 0.6.5+dfsg.
     Fix CVE-2018-18541: remote denial-of-service vulnerability in
     teeworlds-server. (Closes: #911487)
Checksums-Sha1:
 10f0b0cbad17cdd4c65e8727568e204f35a3bf43 2460 teeworlds_0.6.5+dfsg-1~deb9u1.dsc
 c90c2ad43bbd52353b115a030dff31d5ce453311 6907484 teeworlds_0.6.5+dfsg.orig.tar.xz
 512b66bed977c20ae364cebfcc758bd84b0b1e4f 9192 teeworlds_0.6.5+dfsg-1~deb9u1.debian.tar.xz
 66d2edcb38231e90cf66175093ff686edb9e4b34 6418110 teeworlds-data_0.6.5+dfsg-1~deb9u1_all.deb
 4b9045e132d68899f0f495e92276ac2532634a78 1380312 teeworlds-dbgsym_0.6.5+dfsg-1~deb9u1_amd64.deb
 eb9f86c0f811374524bb24341bb7aabb35498af8 510672 teeworlds-server-dbgsym_0.6.5+dfsg-1~deb9u1_amd64.deb
 7145ae216f60ba3ce731cf43258fdf80247825e4 136594 teeworlds-server_0.6.5+dfsg-1~deb9u1_amd64.deb
 abd32b1208d7de4eaf78019bddfa03b37f9f2f46 11935 teeworlds_0.6.5+dfsg-1~deb9u1_amd64.buildinfo
 7e1fc19cd5cc63ee650a07333aa469a7611dbdfc 347872 teeworlds_0.6.5+dfsg-1~deb9u1_amd64.deb
Checksums-Sha256:
 49e5386e2b07bf0e5e82205fc2f83ce16dec29be1d14bc3f07e3f10f450e26f7 2460 teeworlds_0.6.5+dfsg-1~deb9u1.dsc
 a98cfce76c63ff351fa2c643a3cb08896f7cb27935bd1634a62dd521037d220d 6907484 teeworlds_0.6.5+dfsg.orig.tar.xz
 b6be7082f9dac482ff33306287847f1df87d5aeaa7af2c48cd26287480bb9641 9192 teeworlds_0.6.5+dfsg-1~deb9u1.debian.tar.xz
 5f46ba6785039ecfd75af608fb8df31b206792d6a2f0a72a0d4de74393fc74f4 6418110 teeworlds-data_0.6.5+dfsg-1~deb9u1_all.deb
 083462db13c3efc4ae3520e58f328507b394cd647ddc0e0fd765fa82ff49e31b 1380312 teeworlds-dbgsym_0.6.5+dfsg-1~deb9u1_amd64.deb
 b0d2bb5a8adde9457dab478a48ca74a3a5ffedc578b7202a35e57c0cca6c5195 510672 teeworlds-server-dbgsym_0.6.5+dfsg-1~deb9u1_amd64.deb
 f67787abfe9f60368215040a71b5d83bd151b3d9026d287f433a274f255ff587 136594 teeworlds-server_0.6.5+dfsg-1~deb9u1_amd64.deb
 cc8b1c7147b85085de8306a0643ea441881f486f332ca5668cf72ab549c37cc9 11935 teeworlds_0.6.5+dfsg-1~deb9u1_amd64.buildinfo
 037f59006bc3fe02094cd9a0ba5aca4ee44dbcd04d9cf4cbf981284d1daac822 347872 teeworlds_0.6.5+dfsg-1~deb9u1_amd64.deb
Files:
 96bc3eb18e4760f5086e3be52dc3545b 2460 games optional teeworlds_0.6.5+dfsg-1~deb9u1.dsc
 50c1c61636f5b0efc85f4dfd58d17c53 6907484 games optional teeworlds_0.6.5+dfsg.orig.tar.xz
 b430fe885aa9f39d33ca4cb9ecda92c4 9192 games optional teeworlds_0.6.5+dfsg-1~deb9u1.debian.tar.xz
 ac237701425a2669bcff5066b816a2f1 6418110 games optional teeworlds-data_0.6.5+dfsg-1~deb9u1_all.deb
 41ef9da02a5e6366f17487d7561e4af2 1380312 debug extra teeworlds-dbgsym_0.6.5+dfsg-1~deb9u1_amd64.deb
 67b23f94b8c39aedd76391e4aa15199e 510672 debug extra teeworlds-server-dbgsym_0.6.5+dfsg-1~deb9u1_amd64.deb
 7f4ae3a688d1ec1172f19c27a3ffd108 136594 games optional teeworlds-server_0.6.5+dfsg-1~deb9u1_amd64.deb
 2cdf4311200734c3d5772f72d49d0093 11935 games optional teeworlds_0.6.5+dfsg-1~deb9u1_amd64.buildinfo
 8c9d23c9f0d8ef4070d31406e76edd6b 347872 games optional teeworlds_0.6.5+dfsg-1~deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvUvixfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkdK0QAKlp8IFszvMZHGUFnN5PvNGs7gikycCjRT8r
5lSSFDaDTVCxV0vS/R8dUjHBh6xDCt4XcuQfpVUGx8jhdEANvQzr0owIwC/ZzlN0
cTz4cvnzZGQEjFhjh7i4jl7ls7AWIU6mJ/V0FiPuT0Nwk0oVi7TQDrVGDyido0x+
cGTOA9xbVyw0YU7HqAoGH60CCHbH6pZURbXaibba43JYSUspzVorwbSvHirErvJX
wCrMZNU3vy5m0UCz611FFDhx+KQ6HN835FU8QSKUmpowFTgBurcqCSv5OZLENns9
Yt5yzhlJubVZLPajgQyup2OVeloWK3jkcS4pwqPnMN043GfBoPOwihSuOK7f7xFw
cIJLpub36AxVvcriK3YdPEyTms0LhZpnSVfmdhSj99zDUfP8KZ8rFY3YWHO1eRWS
JDL+f2swtVMF5spZaAH1zV0FzmxKY+lc2Y4tcLoEawteUIVyHMDkmOW35Kwmw9Oo
TvRvS9cTQBv1H7bf3+NeZC7oHngexa7ady7CELu4xrqWp82/t5KHpLairGwv28cz
kvIhuBtCabPjgx0zcKY/9r5A/DFABGrhwZHcuvpySEUoVpW3+PF36oXHIdaWPEnn
DgrL+O5UPDKBJiEeDjdU/yA1SMyXgowjP7qXn9CNlDNlMcn7SCB4+0B+lRaIrdlu
rOnbvrHY
=++Ww
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.