CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone

Related Vulnerabilities: CVE-2006-4006   CVE-2006-4005   CVE-2006-0460  

Debian Bug report logs - #382082


Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 8 Aug 2006 18:48:05 UTC

Severity: grave

Tags: help, patch, security

Fixed in version bomberclone/0.11.7-1

Done: Bart Martens <bartm@knars.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. (full text, mbox, link).


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Eduard Bloch <blade@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-4006: Multiple Remote Vulnerabilities in Bomberclone
Date: Tue, 08 Aug 2006 20:44:47 +0200
Package: bomberclone
Severity: grave
Tags: security
Justification: user security hole

Multiple Vulnerabilities have been found in Bomberclone:

The do_gameinfo function in BomberClone 0.11.6 and earlier, and
possibly other functions, does not reset the packet data size, which
causes the send_pkg function (packets.c) to use this data size when
sending a reply, and allows remote attackers to read portions of
server memory.

http://secunia.com/advisories/21303 lists 0.11.6.2 as vulnerable

See
http://aluigi.altervista.org/adv/bcloneboom-adv.txt
for details.

Please mention the CVE-id in the changelog.



Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. (full text, mbox, link).


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. (full text, mbox, link).


Message #10 received at 382082@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>
To: 382082@bugs.debian.org, control@bugs.debian.org
Subject: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Tue, 8 Aug 2006 20:56:54 +0200
package bomberclone
retitle 382082 CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
thanks

CVE-2006-4005 is about bomberclone, too:

BomberClone 0.11.6 and earlier allows remote attackers to cause a
denial of service (daemon crash) via (1) a certain malformed
PKGF_ackreq packet, which triggers a crash in the rscache_add()
function in pkgcache.c; and (2) an error packet, which is intended to
be received by clients and force client shutdown, but also triggers
server shutdown.
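The two bug classes described in this report (a reply built in a reused buffer whose length field is never reset, so the sender ships stale memory; and a client-only shutdown packet that the server also acts on) are easy to reproduce in a small model. The following C program is an added example written for this page, not BomberClone source: every struct, constant and function name in it (`struct packet`, `PKT_ERROR`, `do_gameinfo_vulnerable`, `handle_packet`, and so on) is hypothetical, and the "secret" bytes are constructed marker data. It puts the vulnerable reply builder beside the fixed one and shows a role check in the dispatcher.

```c
/* Added example (not BomberClone code). Models two bug classes from the
 * report above with hypothetical names:
 *  (a) a reply assembled in a reused buffer whose len field is never reset,
 *      so the sender copies stale bytes onto the wire (memory disclosure);
 *  (b) a "shutdown on error packet" rule that must apply to clients only.
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 64

/* Hypothetical packet types, not the game's real ones. */
enum pkt_type { PKT_GAMEINFO_REQ = 1, PKT_GAMEINFO_REPLY = 2, PKT_ERROR = 3 };

struct packet {
    uint8_t  type;
    uint16_t len;                  /* number of payload bytes considered valid */
    uint8_t  payload[MAX_PAYLOAD];
};

/* Constructed "leftover" content: pretend a previous packet filled the
 * whole buffer with the marker byte 'S'. */
static void fill_with_secret(struct packet *p) {
    memset(p->payload, 'S', MAX_PAYLOAD);
    p->len = MAX_PAYLOAD;
}

/* Simulated send: trusts p->len as the wire size, like a sender that
 * takes the length from the packet struct. Returns bytes emitted. */
static size_t send_pkg(const struct packet *p, uint8_t *out, size_t outsz) {
    size_t n = p->len;
    if (n > MAX_PAYLOAD) n = MAX_PAYLOAD;   /* never over-read the struct */
    if (n > outsz) n = outsz;
    memcpy(out, p->payload, n);
    return n;
}

/* Vulnerable pattern: writes a short reply but leaves len untouched, so
 * send_pkg emits the entire stale buffer after the reply text. */
static size_t do_gameinfo_vulnerable(struct packet *buf, uint8_t *out, size_t outsz) {
    const char reply[] = "game:0";            /* 7 bytes incl. NUL */
    buf->type = PKT_GAMEINFO_REPLY;
    memcpy(buf->payload, reply, sizeof reply);
    /* buf->len deliberately not reset: this is the bug */
    return send_pkg(buf, out, outsz);
}

/* Fixed pattern: len is set to exactly the bytes written for this reply. */
static size_t do_gameinfo_fixed(struct packet *buf, uint8_t *out, size_t outsz) {
    const char reply[] = "game:0";
    buf->type = PKT_GAMEINFO_REPLY;
    memcpy(buf->payload, reply, sizeof reply);
    buf->len = (uint16_t)sizeof reply;
    return send_pkg(buf, out, outsz);
}

/* Count marker bytes that reached the wire (0 means nothing stale leaked). */
static size_t count_leaked(const uint8_t *out, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) if (out[i] == 'S') c++;
    return c;
}

/* Helpers that run one full scenario and return the leaked byte count. */
size_t leaked_bytes_vulnerable(void) {
    struct packet buf; uint8_t out[MAX_PAYLOAD];
    fill_with_secret(&buf);
    return count_leaked(out, do_gameinfo_vulnerable(&buf, out, sizeof out));
}
size_t leaked_bytes_fixed(void) {
    struct packet buf; uint8_t out[MAX_PAYLOAD];
    fill_with_secret(&buf);
    return count_leaked(out, do_gameinfo_fixed(&buf, out, sizeof out));
}

/* (b) Dispatcher with a role check. PKT_ERROR is an instruction for a
 * client to shut down; a server must drop it rather than exit.
 * Returns 1 if the receiver should shut down, 0 otherwise. */
int handle_packet(int is_server, const struct packet *p) {
    switch (p->type) {
    case PKT_ERROR:          return is_server ? 0 : 1;
    case PKT_GAMEINFO_REQ:
    case PKT_GAMEINFO_REPLY: return 0;
    default:                 return 0;   /* unknown types are dropped */
    }
}

/* Convenience wrapper: does an error packet stop this kind of receiver? */
int error_packet_stops(int is_server) {
    struct packet p = { .type = PKT_ERROR, .len = 0 };
    return handle_packet(is_server, &p);
}

int main(void) {
    printf("vulnerable reply leaked %zu stale bytes\n", leaked_bytes_vulnerable());
    printf("fixed reply leaked %zu stale bytes\n", leaked_bytes_fixed());
    printf("server stops on error packet: %d, client: %d\n",
           error_packet_stops(1), error_packet_stops(0));
    return 0;
}
```

The vulnerable path emits all 64 buffer bytes, 57 of which are the stale marker, while the fixed path emits only the 7 bytes it wrote. The defensive habits this models are the ones a fix for this report needs: set the length field from the bytes actually written for each reply (or clear the buffer before reuse), and gate packet types on the receiver's role before acting on them.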



Changed Bug title. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. (full text, mbox, link).


Acknowledgement sent to Eduard Bloch <edi@gmx.de>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. (full text, mbox, link).


Message #17 received at 382082@bugs.debian.org (full text, mbox, reply):

From: Eduard Bloch <edi@gmx.de>
To: Stefan Fritsch <sf@sfritsch.de>, 382082@bugs.debian.org
Cc: steffen@bomberclone.de
Subject: Re: Bug#382082: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Sat, 12 Aug 2006 21:23:04 +0200
tags 382082 + help
thanks

Could you give me some hints to find an appropriate solution? I am a bit
exhausted with my spare time in these days.

Eduard.

#include <hallo.h>
* Stefan Fritsch [Tue, Aug 08 2006, 08:56:54PM]:
> package bomberclone
> retitle 382082 CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
> thanks
> 
> CVE-2006-4005 is about bomberclone, too:
> 
> BomberClone 0.11.6 and earlier allows remote attackers to cause a
> denial of service (daemon crash) via (1) a certain malformed
> PKGF_ackreq packet, which triggers a crash in the rscache_add()
> function in pkgcache.c; and (2) an error packet, which is intended to
> be received by clients and force client shutdown, but also triggers
> server shutdown.
> 




Tags added: help Request was from Eduard Bloch <edi@gmx.de> to control@bugs.debian.org. (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. (full text, mbox, link).


Acknowledgement sent to Julien Danjou <acid@debian.org>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. (full text, mbox, link).


Message #24 received at 382082@bugs.debian.org (full text, mbox, reply):

From: Julien Danjou <acid@debian.org>
To: Eduard Bloch <edi@gmx.de>
Cc: Stefan Fritsch <sf@sfritsch.de>, 382082@bugs.debian.org, steffen@bomberclone.de
Subject: Re: Bug#382082: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Wed, 16 Aug 2006 10:28:49 +0200
[Message part 1 (text/plain, inline)]
On Sat, Aug 12, 2006 at 09:23:04PM +0200, Eduard Bloch wrote:
> tags 382082 + help
> thanks
> 
> Could you give me some hints to find an appropriate solution? I am a bit
> exhausted with my spare time in these days.

0.11.7, which fixes these bugs, has been released.

(If you still need help to package this version, even if I doubt, please,
just ask.)

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. (full text, mbox, link).


Acknowledgement sent to Mohammed Adnène Trojette <adn+deb@diwi.org>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. (full text, mbox, link).


Message #29 received at 382082@bugs.debian.org (full text, mbox, reply):

From: Mohammed Adnène Trojette <adn+deb@diwi.org>
To: Eduard Bloch <edi@gmx.de>
Cc: Stefan Fritsch <sf@sfritsch.de>, 382082@bugs.debian.org, steffen@bomberclone.de
Subject: Re: Bug#382082: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Sat, 19 Aug 2006 18:43:25 +0200
[Message part 1 (text/plain, inline)]
On Sat, Aug 12, 2006, Eduard Bloch wrote:
> tags 382082 + help
> thanks
> 
> Could you give me some hints to find an appropriate solution? I am a bit
> exhausted with my spare time in these days.

Hi Eduard, I hope you're doing well.

Here is a NMU diff that packages the last upstream release of
bomberclone. The NMU has the following changelog:

+bomberclone (0.11.7-0.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Bugfix new upstream release
+     - fixes CVE-2006-4005 and CVE-2006-4006. (Closes: #382082)
+     - fixes high CPU usage during menus. (Closes: #308540)
+     - removes dedicated server.
+     - fixes CVE-2006-0460.
+  * Bump Standards-Version to 3.7.2.
+  * Remove integrated CVE-2006-0460.dpatch.
+  * Remove bashisms in debian/rules.
+
+ -- Mohammed Adnène Trojette <adn+deb@diwi.org>  Sat, 19 Aug 2006 18:30:21 +0200
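Review bot: "removes dedicated server" (fourth sub-bullet under "Bugfix new upstream release") is a user-visible feature removal rather than a bug fix and should be its own changelog bullet, ideally with a debian/NEWS entry, so users of the dedicated server are not surprised by the upgrade. The pairing of "fixes CVE-2006-0460" with "Remove integrated CVE-2006-0460.dpatch" also deserves one line saying that the upstream change was compared against the dropped dpatch, since the entry otherwise gives no evidence that the earlier fix survives the new release.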

The diff includes all that is necessary to switch from 0.11.6.2-1 to
0.11.7-0.1.

However, I won't upload it unless you agree. It would even be better if
you could do a maintainer upload.

Please check that I did not misread #308540, bomberclone's ChangeLog and
the source code, as I believe that the new upstream version fixes the
Debian bug.

You will also find all the packages I built at
http://adn.diwi.org/debian-QA/bomberclone/0.11.7-0.1/

I hope this helps,
-- 
adn
Mohammed Adnène Trojette
[bomberclone-0.11.7-0.1-nmu.diff (text/plain, attachment)]

Tags added: patch Request was from Mohammed Adnène Trojette <adn+deb@diwi.org> to control@bugs.debian.org. (full text, mbox, link).


Reply sent to Bart Martens <bartm@knars.be>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (full text, mbox, link).


Message #36 received at 382082-close@bugs.debian.org (full text, mbox, reply):

From: Bart Martens <bartm@knars.be>
To: 382082-close@bugs.debian.org
Subject: Bug#382082: fixed in bomberclone 0.11.7-1
Date: Mon, 21 Aug 2006 01:32:11 -0700
Source: bomberclone
Source-Version: 0.11.7-1

We believe that the bug you reported is fixed in the latest version of
bomberclone, which is due to be installed in the Debian FTP archive:

bomberclone-data_0.11.7-1_all.deb
  to pool/main/b/bomberclone/bomberclone-data_0.11.7-1_all.deb
bomberclone_0.11.7-1.diff.gz
  to pool/main/b/bomberclone/bomberclone_0.11.7-1.diff.gz
bomberclone_0.11.7-1.dsc
  to pool/main/b/bomberclone/bomberclone_0.11.7-1.dsc
bomberclone_0.11.7-1_i386.deb
  to pool/main/b/bomberclone/bomberclone_0.11.7-1_i386.deb
bomberclone_0.11.7-1_sparc.deb
  to pool/main/b/bomberclone/bomberclone_0.11.7-1_sparc.deb
bomberclone_0.11.7.orig.tar.gz
  to pool/main/b/bomberclone/bomberclone_0.11.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 382082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bart Martens <bartm@knars.be> (supplier of updated bomberclone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 20 Aug 2006 12:17:29 +0200
Source: bomberclone
Binary: bomberclone-data bomberclone
Architecture: source i386 sparc all
Version: 0.11.7-1
Distribution: unstable
Urgency: low
Maintainer: Bart Martens <bartm@knars.be>
Changed-By: Bart Martens <bartm@knars.be>
Description: 
 bomberclone - free Bomberman clone
 bomberclone-data - Data files for bomberclone game
Closes: 316569 382082
Changes: 
 bomberclone (0.11.7-1) unstable; urgency=low
 .
   * New maintainer.  Closes: #316569.
   * New upstream release.  Closes: #382082.  That fixes CVE-2006-4005 and
     CVE-2006-4006.
   * debian/*: Repackaged with dh-make 0.41.
   * debian/source.lintian-overrides: Added.
   * debian/watch: Added.
Files: 
 9ffa8dc587848649bb520a2be14f984b 687 games extra bomberclone_0.11.7-1.dsc
 48a1ed3b10d4b52cae4e478e5d8af740 8024434 games extra bomberclone_0.11.7.orig.tar.gz
 accec75fed0047231641b40b30c17d71 7081 games extra bomberclone_0.11.7-1.diff.gz
 6565b5b6f6e7ae773418e23410e73be3 102064 games extra bomberclone_0.11.7-1_i386.deb
 3133cb10494edfa5c9917ecd389d23f5 7597462 games extra bomberclone-data_0.11.7-1_all.deb
 5b4bb9926f745e25d73435a9c108744a 107678 games extra bomberclone_0.11.7-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE6WcGipBneRiAKDwRArN2AJ4xU41hIgGRdo8OcVxC39nxl12DLACeLkIS
hA4VJ3mVHe5Z4gnYr/Cw0Ck=
=8LWd
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 19:49:17 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:32:46 2019; Machine Name: beach
