 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.901136 |
| Kategorie: | Denial of Service |
| Titel: | OpenTTD 'NetworkSyncCommandQueue()' Denial of Service Vulnerability |
| Zusammenfassung: | OpenTTD is prone to a denial of service (DoS) vulnerability. |
| Beschreibung: | Summary: OpenTTD is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to the 'NetworkSyncCommandQueue()' function in 'src/network/network_command.cpp' not properly resetting the 'next' pointer, which can be exploited to trigger an endless loop and exhaust CPU resources when joining a server. Vulnerability Impact: Successful exploitation will allow remote attackers to cause the application to fall into an infinite loop, denying service to legitimate users. Affected Software/OS: OpenTTD version 1.0.2 and prior. Solution: Upgrade to the latest version of OpenTTD 1.0.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2534 40630 http://secunia.com/advisories/40630 40760 http://secunia.com/advisories/40760 41804 http://www.securityfocus.com/bid/41804 66503 http://osvdb.org/66503 ADV-2010-1888 http://www.vupen.com/english/advisories/2010/1888 ADV-2010-1916 http://www.vupen.com/english/advisories/2010/1916 FEDORA-2010-11401 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044516.html FEDORA-2010-11450 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044565.html [oss-security] 20100720 CVE request for OpenTTD http://www.openwall.com/lists/oss-security/2010/07/20/1 http://bugs.openttd.org/task/3909 http://bugs.openttd.org/task/3909/getfile/6237/loop_fix.patch http://security.openttd.org/en/CVE-2010-2534 openttd-networksynccommandqueue-dos(60568) https://exchange.xforce.ibmcloud.com/vulnerabilities/60568 |
| Copyright | Copyright (C) 2010 Greenbone AG |
| Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |