Published: 08/09/2011 Updated: 19/01/2012

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple off-by-one errors in order_cmd.cpp in OpenTTD prior to 1.1.3 allow remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openttd openttd 1.0.0
openttd openttd 1.0.3
openttd openttd 1.0.2
openttd openttd 1.1.0
openttd openttd 0.4.8
openttd openttd 0.7.0
openttd openttd 0.5.2
openttd openttd 0.7.3
openttd openttd 0.1.1
openttd openttd 0.7.5
openttd openttd 0.2.1
openttd openttd 0.3.2
openttd openttd 0.3.4
openttd openttd 0.3.3
openttd openttd 0.5.0
openttd openttd 0.5.1
openttd openttd 0.6.0
openttd openttd 0.4.7
openttd openttd 0.5.3
openttd openttd 1.0.5
openttd openttd 1.1.1
openttd openttd 0.6.3
openttd openttd 0.7.2
openttd openttd 0.7.1
openttd openttd 0.1.2
openttd openttd 0.7.4
openttd openttd 0.3.0
openttd openttd 0.3.2.1
openttd openttd 0.4.0
openttd openttd 0.3.7
openttd openttd
openttd openttd 0.6.1
openttd openttd 0.1.4
openttd openttd 0.2.0
openttd openttd 0.3.6
openttd openttd 0.3.5
openttd openttd 0.4.6
openttd openttd 0.4.5
openttd openttd 0.6.2
openttd openttd 1.0.1
openttd openttd 1.0.4
openttd openttd 1.1.2
openttd openttd 0.1.3
openttd openttd 0.3.1
openttd openttd 0.4.0.1

Several vulnerabilities have been discovered in OpenTTD, a transport business simulation game Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service For the oldstable distribution (lenny), this problem has been fixed in version 062-1+lenny4 For the stable distribution (squeeze), this problem has been ...

CWE-189 http://bugs.openttd.org/task/4745/getfile/7707/fixcmds.diff http://openwall.com/lists/oss-security/2011/09/02/4 http://openwall.com/lists/oss-security/2011/09/06/2 http://bugs.openttd.org/task/4745 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html http://secunia.com/advisories/46075 http://www.securityfocus.com/bid/49439 http://security.openttd.org/en/CVE-2011-3341 http://www.debian.org/security/2012/dsa-2386 https://nvd.nist.gov https://www.debian.org/security/./dsa-2386

CVE-2011-3341

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect