CVE-2006-3913: arbitrary code execution in freeciv

Debian Bug report logs - #381378
CVE-2006-3913: arbitrary code execution in freeciv

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2006-3913: arbitrary code execution in freeciv

Date: Fri, 04 Aug 2006 00:28:51 +0200

Package: freeciv
Severity: grave
Tags: security
Justification: user security hole

CVE-2006-3913:
"Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
2006 and earlier, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a (1) negative
chunk_length or a (2) large chunk->offset value in a
PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c,
and (3) a large packet->length value in the handle_unit_orders
function in server/unithand.c."

Please mention the CVE-id in the changelog.

Message #10 received at 381378@bugs.debian.org (full text, mbox, reply):

From: Martin Schulze <joey@infodrom.org>

To: Stefan Fritsch <sf@sfritsch.de>

Cc: Debian Bug Tracking System <381378@bugs.debian.org>

Subject: Re: Bug#381378: CVE-2006-3913: arbitrary code execution in freeciv

Date: Fri, 4 Aug 2006 06:58:24 +0200

[Message part 1 (text/plain, inline)]

Stefan Fritsch wrote:
> Package: freeciv
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> CVE-2006-3913:
> "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
> 2006 and earlier, allows remote attackers to cause a denial of service
> (crash) and possibly execute arbitrary code via a (1) negative
> chunk_length or a (2) large chunk->offset value in a
> PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
> generic_handle_player_attribute_chunk function in common/packets.c,
> and (3) a large packet->length value in the handle_unit_orders
> function in server/unithand.c."
> 
> Please mention the CVE-id in the changelog.

Attached please find the patch sent to the maintainer already.

Regards,

	Joey


-- 
In the beginning was the word, and the word was content-type: text/plain

Please always Cc to me when replying to me on the lists.

[patch.CVE-2006-3913.freeciv (text/plain, attachment)]

Message #15 received at 381378@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>

To: 381378@bugs.debian.org

Subject: Re: CVE-2006-3913: arbitrary code execution in freeciv

Date: Wed, 16 Aug 2006 19:31:38 -0700

tags 381378 patch
thanks

Hi guys,

I've prepared a 0-day NMU for this security bug in freeciv, applying the
relevant bits of the patch Joey sent to the bug report.  Please find the
full NMU diff attached.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Message #22 received at 381378@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>

To: 381378@bugs.debian.org

Subject: Re: CVE-2006-3913: arbitrary code execution in freeciv

Date: Wed, 16 Aug 2006 19:32:34 -0700

[Message part 1 (text/plain, inline)]

On Wed, Aug 16, 2006 at 07:31:38PM -0700, Steve Langasek wrote:
> tags 381378 patch
> thanks

> Hi guys,

> I've prepared a 0-day NMU for this security bug in freeciv, applying the
> relevant bits of the patch Joey sent to the bug report.  Please find the
> full NMU diff attached.

Made you look!

Now try to find the full NMU diff attached /here/.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

[freeciv-381378.diff (text/plain, attachment)]

Message #29 received at 381378-close@bugs.debian.org (full text, mbox, reply):

From: Jordi Mallach <jordi@debian.org>

To: 381378-close@bugs.debian.org

Subject: Bug#381378: fixed in freeciv 2.0.8-3

Date: Fri, 18 Aug 2006 21:17:17 -0700

Source: freeciv
Source-Version: 2.0.8-3

We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:

freeciv-client-gtk_2.0.8-3_sparc.deb
  to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-3_sparc.deb
freeciv-client-xaw3d_2.0.8-3_sparc.deb
  to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-3_sparc.deb
freeciv-data_2.0.8-3_all.deb
  to pool/main/f/freeciv/freeciv-data_2.0.8-3_all.deb
freeciv-server_2.0.8-3_sparc.deb
  to pool/main/f/freeciv/freeciv-server_2.0.8-3_sparc.deb
freeciv_2.0.8-3.diff.gz
  to pool/main/f/freeciv/freeciv_2.0.8-3.diff.gz
freeciv_2.0.8-3.dsc
  to pool/main/f/freeciv/freeciv_2.0.8-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 381378@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated freeciv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 18 Aug 2006 11:55:47 +0200
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all sparc
Version: 2.0.8-3
Distribution: unstable
Urgency: high
Maintainer: Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description: 
 freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
 freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
 freeciv-data - Civilization turn based strategy game (game data)
 freeciv-server - Civilization turn based strategy game (server files)
Closes: 381378
Changes: 
 freeciv (2.0.8-3) unstable; urgency=high
 .
   * Ack vorlon's NMU. Thanks! Closes: #381378.
   * Add common/packets.c bits to CVE-2006-3913 from freeciv's SVN
     repository.
Files: 
 cb507b9edf490ca9860c77cc829c5ba3 1031 games optional freeciv_2.0.8-3.dsc
 7086d340b57c9915fe67933382015d6c 47681 games optional freeciv_2.0.8-3.diff.gz
 85946267fc421767586e6380f9e472fe 3911132 games optional freeciv-data_2.0.8-3_all.deb
 de58ee632cc4374b933e366feebbcb9c 428776 games optional freeciv-server_2.0.8-3_sparc.deb
 c9ea0e5d9ba02155272f639042e3fc0d 366996 games optional freeciv-client-xaw3d_2.0.8-3_sparc.deb
 a5c92649b107d0362861d5955fde045b 392856 games optional freeciv-client-gtk_2.0.8-3_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Debian!

iD8DBQFE5o7c5m0u66uWM3ARAj0rAJsEfljMvGCGOYiF69c4oAyCeX4tyACdGa3o
LMV1xKVjXMh4AtN1OvNHq+E=
=Ayfh
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.