Gentoo Linux Security Advisory GLSA 200407-14
Severity: High
Title: Unreal Tournament 2003/2004: Buffer overflow in ‘secure’
queries
Date: July 19, 2004
Bugs: #54726
ID: 200407-14
Synopsis
Game servers based on the Unreal engine are vulnerable to remote
code execution through malformed ‘secure’ queries.
Background
Unreal Tournament 2003 and 2004 are popular first-person-shooter
games. They are both based on the Unreal engine, and can be used in
a game server / client setup.
Affected packages
Package | Vulnerable | Unaffected
games-fps/ut2003 | <= 2225-r2 | >= 2225-r3
games-server/ut2003-ded | <= 2225-r1 | >= 2225-r2
games-fps/ut2004 | < 3236 | >= 3236
games-fps/ut2004-demo | <= 3120-r3 | >= 3120-r4
4 affected packages on all of their supported architectures.
Description
The Unreal-based game servers support a specific type of query
called ‘secure’. Part of the Gamespy protocol, this query is used
to ask if the game server is able to calculate an exact response
using a provided string. Luigi Auriemma found that sending a long
‘secure’ query triggers a buffer overflow in the game server.
Impact
By sending a malicious UDP-based ‘secure’ query, an attacker
could execute arbitrary code on the game server.
Workaround
Users can avoid this vulnerability by not using Unreal
Tournament to host games as a server. All users running a server
should upgrade to the latest versions.
Resolution
All Unreal Tournament users should upgrade to the latest
available versions:
# emerge sync
# emerge -pv ">=games-fps/ut2003-2225-r3"
# emerge ">=games-fps/ut2003-2225-r3"
# emerge -pv ">=games-server/ut2003-ded-2225-r2"
# emerge ">=games-server/ut2003-ded-2225-r2"
# emerge -pv ">=games-fps/ut2004-3236"
# emerge ">=games-fps/ut2004-3236"
# emerge -pv ">=games-fps/ut2004-demo-3120-r4"
# emerge ">=games-fps/ut2004-demo-3120-r4"
References
[ 1 ] Luigi Auriemma advisory
http://aluigi.altervista.org/adv/unsecure-adv.txt
[ 2 ] CAN-2004-0608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0608
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200407-14.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2004 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0
Gentoo Linux Security Advisory GLSA 200407-15
Severity: Normal
Title: Opera: Multiple spoofing vulnerabilities
Date: July 20, 2004
Bugs: #56311, #56109
ID: 200407-15
Synopsis
Opera contains three vulnerabilities, allowing an attacker to
impersonate legitimate websites with URI obfuscation or to spoof
websites with frame injection.
Background
Opera is a multi-platform web browser.
Affected packages
Package | Vulnerable | Unaffected
net-www/opera | <= 7.52 | >= 7.53
Description
Opera fails to remove illegal characters from the URI of a link
and fails to check that the target frame of a link belongs to the
same website as the link. Opera also updates the address bar before
loading a page. Additionally, Opera contains a certificate
verification problem.
Impact
These vulnerabilities could allow an attacker to impersonate
legitimate websites to steal sensitive information from users. This
could be done by obfuscating the real URI of a link or by injecting
a malicious frame into an arbitrary frame of another browser
window.
Workaround
There is no known workaround at this time. All users are
encouraged to upgrade to the latest available version.
Resolution
All Opera users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-www/opera-7.53"
# emerge ">=net-www/opera-7.53"
References
[ 1 ] Bugtraq Announcement
http://www.securityfocus.com/bid/10517
[ 2 ] Secunia Advisory SA11978
http://secunia.com/advisories/11978/
[ 3 ] Secunia Advisory SA12028
http://secunia.com/advisories/12028/
[ 4 ] Opera Changelog
http://www.opera.com/linux/changelogs/753/
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200407-15.xml
Gentoo Linux Security Advisory GLSA 200407-17
Severity: High
Title: l2tpd: Buffer overflow
Date: July 22, 2004
Bugs: #53009
ID: 200407-17
Synopsis
A buffer overflow in l2tpd could lead to remote code execution.
It is not known whether this bug is exploitable.
Background
l2tpd is a GPL implementation of the Layer 2 Tunneling
Protocol.
Affected packages
Package | Vulnerable | Unaffected
net-dialup/l2tpd | < 0.69-r2 | >= 0.69-r2
Description
Thomas Walpuski discovered a buffer overflow that may be
exploitable by sending a specially crafted packet. In order to
exploit the vulnerable code, an attacker would need to fake the
establishment of an L2TP tunnel.
Impact
A remote attacker may be able to execute arbitrary code with the
privileges of the user running l2tpd.
Workaround
There is no known workaround for this vulnerability.
Resolution
All users are recommended to upgrade to the latest stable
version:
# emerge sync
# emerge -pv ">=net-dialup/l2tpd-0.69-r2"
# emerge ">=net-dialup/l2tpd-0.69-r2"
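The following is an added example, not part of the advisories or of Portage: a small audit that checks an inventory of installed versions against the "Affected packages" tables of GLSA 200407-14, 200407-15 and 200407-17. The function names and the sample inventory are hypothetical, and the version parser is a simplification that assumes dotted numeric versions with an optional -rN revision, which covers every version these three advisories list.

```python
import re

# Vulnerable ranges copied from the three "Affected packages" tables.
AFFECTED = {
    "games-fps/ut2003": "<= 2225-r2",
    "games-server/ut2003-ded": "<= 2225-r1",
    "games-fps/ut2004": "< 3236",
    "games-fps/ut2004-demo": "<= 3120-r3",
    "net-www/opera": "<= 7.52",
    "net-dialup/l2tpd": "< 0.69-r2",
}

# Assumption: dotted numeric version plus optional -rN (no _alpha/_p suffixes).
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return (numeric components, revision); a missing -rN is revision 0."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unsupported version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts, int(match.group(2) or 0)


def is_vulnerable(package, installed):
    """True if `installed` lies inside the advisory's vulnerable range."""
    operator, bound = AFFECTED[package].split()
    have, limit = parse_version(installed), parse_version(bound)
    return have <= limit if operator == "<=" else have < limit


def audit(inventory):
    """Verdict for every inventory entry that one of the advisories covers."""
    return {pkg: is_vulnerable(pkg, ver)
            for pkg, ver in inventory.items() if pkg in AFFECTED}


# Constructed sample inventory, not taken from any real host.
SAMPLE = {
    "games-fps/ut2003": "2225-r2",
    "games-fps/ut2004": "3236",
    "net-www/opera": "7.52",
    "net-dialup/l2tpd": "0.69-r2",
    "app-editors/vim": "6.3",
}

if __name__ == "__main__":
    for package, vulnerable in audit(SAMPLE).items():
        print(f"{package}: {'UPGRADE' if vulnerable else 'ok'}")
```

The revision matters for the verdict: ut2003 2225-r2 and 2225-r3 share the same upstream version, and only the Gentoo revision separates the vulnerable build from the fixed one.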
References
[ 1 ] CAN-2004-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649
[ 2 ] Full Disclosure Report
http://seclists.org/lists/fulldisclosure/2004/Jun/0094.html
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200407-17.xml