Linux Today: Linux News On Internet Time.

Gentoo Linux Advisories: Unreal Tournament 2003/2004, Opera, l2tpd

Jul 22, 2004, 20:25

Gentoo Linux Security Advisory GLSA 200407-14

http://security.gentoo.org/


Severity: High
Title: Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
Date: July 19, 2004
Bugs: #54726
ID: 200407-14


Synopsis

Game servers based on the Unreal engine are vulnerable to remote code execution through malformed 'secure' queries.

Background

Unreal Tournament 2003 and 2004 are popular first-person-shooter games. They are both based on the Unreal engine, and can be used in a game server / client setup.

Affected packages

    #  Package                  Vulnerable  Unaffected
    1  games-fps/ut2003         <= 2225-r2  >= 2225-r3
    2  games-server/ut2003-ded  <= 2225-r1  >= 2225-r2
    3  games-fps/ut2004         < 3236      >= 3236
    4  games-fps/ut2004-demo    <= 3120-r3  >= 3120-r4

4 affected packages on all of their supported architectures.


Description

The Unreal-based game servers support a specific type of query called 'secure'. Part of the Gamespy protocol, this query is used to ask if the game server is able to calculate an exact response using a provided string. Luigi Auriemma found that sending a long 'secure' query triggers a buffer overflow in the game server.

Impact

By sending a malicious UDP-based 'secure' query, an attacker could execute arbitrary code on the game server.

Workaround

Users can avoid this vulnerability by not using Unreal Tournament to host games as a server. All users running a server should upgrade to the latest versions.

Resolution

All Unreal Tournament users should upgrade to the latest available versions:

    # emerge sync
    # emerge -pv ">=games-fps/ut2003-2225-r3"
    # emerge ">=games-fps/ut2003-2225-r3"
    # emerge -pv ">=games-server/ut2003-ded-2225-r2"
    # emerge ">=games-server/ut2003-ded-2225-r2"
    # emerge -pv ">=games-fps/ut2004-3236"
    # emerge ">=games-fps/ut2004-3236"
    # emerge -pv ">=games-fps/ut2004-demo-3120-r4"
    # emerge ">=games-fps/ut2004-demo-3120-r4"

References

[ 1 ] Luigi Auriemma advisory

http://aluigi.altervista.org/adv/unsecure-adv.txt

[ 2 ] CAN-2004-0608

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0608

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-14.xml

Concerns?

Security is a primary focus of Gentoo Linux, and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or, alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0


Gentoo Linux Security Advisory GLSA 200407-15

http://security.gentoo.org/


Severity: Normal
Title: Opera: Multiple spoofing vulnerabilities
Date: July 20, 2004
Bugs: #56311, #56109
ID: 200407-15


Synopsis

Opera contains three vulnerabilities, allowing an attacker to impersonate legitimate websites with URI obfuscation or to spoof websites with frame injection.

Background

Opera is a multi-platform web browser.

Affected packages

    #  Package        Vulnerable  Unaffected
    1  net-www/opera  <= 7.52     >= 7.53

Description

Opera fails to remove illegal characters from the URI of a link, and fails to check that the target frame of a link belongs to the same website as the link. Opera also updates the address bar before loading a page. Additionally, Opera contains a certificate verification problem.

Impact

These vulnerabilities could allow an attacker to impersonate legitimate websites to steal sensitive information from users. This could be done by obfuscating the real URI of a link or by injecting a malicious frame into an arbitrary frame of another browser window.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Resolution

All Opera users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=net-www/opera-7.53"
    # emerge ">=net-www/opera-7.53"

References

[ 1 ] Bugtraq Announcement

http://www.securityfocus.com/bid/10517

[ 2 ] Secunia Advisory SA11978

http://secunia.com/advisories/11978/

[ 3 ] Secunia Advisory SA12028

http://secunia.com/advisories/12028/

[ 4 ] Opera Changelog

http://www.opera.com/linux/changelogs/753/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-15.xml



Gentoo Linux Security Advisory GLSA 200407-17

http://security.gentoo.org/


Severity: High
Title: l2tpd: Buffer overflow
Date: July 22, 2004
Bugs: #53009
ID: 200407-17


Synopsis

A buffer overflow in l2tpd could lead to remote code execution. It is not known whether this bug is exploitable.

Background

l2tpd is a GPL implementation of the Layer 2 Tunneling Protocol.

Affected packages

    #  Package           Vulnerable  Unaffected
    1  net-dialup/l2tpd  < 0.69-r2   >= 0.69-r2
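
The "Affected packages" tables of the three advisories above can be turned into an inventory check. The following is an added example, not part of the Gentoo advisories or of Portage: it compares installed versions against the vulnerable ranges listed on this page. It assumes versions consist only of dotted numbers plus an optional -rN revision (a simplified subset of Gentoo version syntax, with no leading zeros or suffixes), and the sample inventory is constructed.

```python
import re

# (GLSA id, operator, boundary version), copied from the "Affected packages" tables above.
AFFECTED = {
    "games-fps/ut2003":        ("200407-14", "<=", "2225-r2"),
    "games-server/ut2003-ded": ("200407-14", "<=", "2225-r1"),
    "games-fps/ut2004":        ("200407-14", "<",  "3236"),
    "games-fps/ut2004-demo":   ("200407-14", "<=", "3120-r3"),
    "net-www/opera":           ("200407-15", "<=", "7.52"),
    "net-dialup/l2tpd":        ("200407-17", "<",  "0.69-r2"),
}

# Assumption: dotted numeric components plus an optional -rN revision only.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

def parse_version(text):
    """Return a sortable key: ((numeric components...), revision)."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, int(m.group(2) or 0)  # a missing -rN means revision 0

def is_vulnerable(package, installed):
    """True if `installed` lies inside the vulnerable range listed for `package`."""
    if package not in AFFECTED:
        return False
    _, op, boundary = AFFECTED[package]
    have, limit = parse_version(installed), parse_version(boundary)
    return have <= limit if op == "<=" else have < limit

def audit(installed):
    """Map {package: version} to a sorted list of (package, version, GLSA id)."""
    return sorted(
        (pkg, ver, AFFECTED[pkg][0])
        for pkg, ver in installed.items()
        if is_vulnerable(pkg, ver)
    )

# Constructed inventory for illustration; a real one comes from the package database.
SAMPLE_HOST = {
    "games-fps/ut2004": "3204",
    "games-server/ut2003-ded": "2225-r2",  # already at the fixed revision
    "net-www/opera": "7.52",
    "net-dialup/l2tpd": "0.69-r1",
    "net-dialup/ppp": "2.4.2",             # not covered by these advisories
}

if __name__ == "__main__":
    for pkg, ver, glsa in audit(SAMPLE_HOST):
        print(f"{pkg}-{ver} is vulnerable (GLSA {glsa})")
```
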

Description

Thomas Walpuski discovered a buffer overflow that may be exploitable by sending a specially crafted packet. In order to exploit the vulnerable code, an attacker would need to fake the establishment of an L2TP tunnel.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the user running l2tpd.

Workaround

There is no known workaround for this vulnerability.

Resolution

All users are recommended to upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=net-dialup/l2tpd-0.69-r2"
    # emerge ">=net-dialup/l2tpd-0.69-r2"

References

[ 1 ] CAN-2004-0649

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649

[ 2 ] Full Disclosure Report

http://seclists.org/lists/fulldisclosure/2004/Jun/0094.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-17.xml
