
Gentoo Linux Advisories: Unreal Tournament 2003/2004, Opera, l2tpd


Gentoo Linux Security Advisory GLSA 200407-14


http://security.gentoo.org/


Severity: High
Title: Unreal Tournament 2003/2004: Buffer overflow in ‘secure’ queries
Date: July 19, 2004
Bugs: #54726
ID: 200407-14


Synopsis

Game servers based on the Unreal engine are vulnerable to remote
code execution through malformed ‘secure’ queries.

Background

Unreal Tournament 2003 and 2004 are popular first-person-shooter
games. They are both based on the Unreal engine, and can be used in
a game server / client setup.

Affected packages

       Package                    Vulnerable    Unaffected
    1  games-fps/ut2003           <= 2225-r2    >= 2225-r3
    2  games-server/ut2003-ded    <= 2225-r1    >= 2225-r2
    3  games-fps/ut2004           < 3236        >= 3236
    4  games-fps/ut2004-demo      <= 3120-r3    >= 3120-r4

4 affected packages on all of their supported architectures.


Description

The Unreal-based game servers support a specific type of query
called ‘secure’. Part of the Gamespy protocol, this query is used
to ask if the game server is able to calculate an exact response
using a provided string. Luigi Auriemma found that sending a long
‘secure’ query triggers a buffer overflow in the game server.

Impact

By sending a malicious UDP-based ‘secure’ query, an attacker
could execute arbitrary code on the game server.

Workaround

Users can avoid this vulnerability by not using Unreal
Tournament to host games as a server. All users running a server
should upgrade to the latest versions.

Resolution

All Unreal Tournament users should upgrade to the latest
available versions:

    # emerge sync
    # emerge -pv ">=games-fps/ut2003-2225-r3"
    # emerge ">=games-fps/ut2003-2225-r3"
    # emerge -pv ">=games-server/ut2003-ded-2225-r2"
    # emerge ">=games-server/ut2003-ded-2225-r2"
    # emerge -pv ">=games-fps/ut2004-3236"
    # emerge ">=games-fps/ut2004-3236"
    # emerge -pv ">=games-fps/ut2004-demo-3120-r4"
    # emerge ">=games-fps/ut2004-demo-3120-r4"

References

[ 1 ] Luigi Auriemma advisory

http://aluigi.altervista.org/adv/unsecure-adv.txt

[ 2 ] CAN-2004-0608

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0608

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-14.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0


Gentoo Linux Security Advisory GLSA 200407-15


http://security.gentoo.org/


Severity: Normal
Title: Opera: Multiple spoofing vulnerabilities
Date: July 20, 2004
Bugs: #56311, #56109
ID: 200407-15


Synopsis

Opera contains three vulnerabilities, allowing an attacker to
impersonate legitimate websites with URI obfuscation or to spoof
websites with frame injection.

Background

Opera is a multi-platform web browser.

Affected packages

       Package          Vulnerable    Unaffected
    1  net-www/opera    <= 7.52       >= 7.53

Description

Opera fails to remove illegal characters from the URI of a link
and to check that the target frame of a link belongs to the same
website as the link. Opera also updates the address bar before
loading a page. Additionally, Opera contains a certificate
verification problem.

Impact

These vulnerabilities could allow an attacker to impersonate
legitimate websites to steal sensitive information from users. This
could be done by obfuscating the real URI of a link or by injecting
a malicious frame into an arbitrary frame of another browser
window.

Workaround

There is no known workaround at this time. All users are
encouraged to upgrade to the latest available version.

Resolution

All Opera users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=net-www/opera-7.53"
    # emerge ">=net-www/opera-7.53"

References

[ 1 ] Bugtraq Announcement

http://www.securityfocus.com/bid/10517

[ 2 ] Secunia Advisory SA11978

http://secunia.com/advisories/11978/

[ 3 ] Secunia Advisory SA12028

http://secunia.com/advisories/12028/

[ 4 ] Opera Changelog

http://www.opera.com/linux/changelogs/753/

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-15.xml



Gentoo Linux Security Advisory GLSA 200407-17


http://security.gentoo.org/


Severity: High
Title: l2tpd: Buffer overflow
Date: July 22, 2004
Bugs: #53009
ID: 200407-17


Synopsis

A buffer overflow in l2tpd could lead to remote code execution.
It is not known whether this bug is exploitable.

Background

l2tpd is a GPL implementation of the Layer 2 Tunneling
Protocol.

Affected packages

       Package             Vulnerable    Unaffected
    1  net-dialup/l2tpd    < 0.69-r2     >= 0.69-r2

Description

Thomas Walpuski discovered a buffer overflow that may be
exploitable by sending a specially crafted packet. In order to
exploit the vulnerable code, an attacker would need to fake the
establishment of an L2TP tunnel.

Impact

A remote attacker may be able to execute arbitrary code with the
privileges of the user running l2tpd.

Workaround

There is no known workaround for this vulnerability.

Resolution

All users are recommended to upgrade to the latest stable
version:

    # emerge sync
    # emerge -pv ">=net-dialup/l2tpd-0.69-r2"
    # emerge ">=net-dialup/l2tpd-0.69-r2"
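
As an added example (not part of the Gentoo advisories and not Portage's own code), the following Python code checks a package inventory against the "Unaffected" columns of the three advisories on this page. It assumes a simplified subset of the ebuild version syntax (dotted numbers with an optional -rN revision); the function names and the sample inventory are constructed for illustration.

```python
import re

# First unaffected version per package, copied from the "Unaffected" column
# of the three advisories on this page (GLSA 200407-14, -15 and -17).
FIRST_UNAFFECTED = {
    "games-fps/ut2003": "2225-r3",
    "games-server/ut2003-ded": "2225-r2",
    "games-fps/ut2004": "3236",
    "games-fps/ut2004-demo": "3120-r4",
    "net-www/opera": "7.53",
    "net-dialup/l2tpd": "0.69-r2",
}

# Assumption: only N[.N...][-rN] is supported. Suffixes (_p, _beta, ...),
# letters and leading-zero components are rejected rather than mis-compared.
VERSION_RE = re.compile(r"(\d+(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?")

def parse_version(text):
    """Return ((n1, n2, ...), revision); a missing -rN counts as revision 0."""
    match = VERSION_RE.fullmatch(text)
    if match is None:
        raise ValueError(f"unsupported version syntax: {text!r}")
    base = tuple(int(part) for part in match.group(1).split("."))
    return base, int(match.group(2) or 0)

def needs_upgrade(package, installed):
    """True if the installed version sorts below the first unaffected one."""
    return parse_version(installed) < parse_version(FIRST_UNAFFECTED[package])

def audit(inventory):
    """Return sorted 'category/name-version' strings that still need the upgrade."""
    return sorted(
        f"{package}-{version}"
        for package, version in inventory.items()
        if package in FIRST_UNAFFECTED and needs_upgrade(package, version)
    )

# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY = {
    "games-fps/ut2003": "2225-r3", "games-server/ut2003-ded": "2225-r1",
    "games-fps/ut2004": "3204", "net-www/opera": "7.52-r1",
    "net-dialup/l2tpd": "0.69-r2", "app-editors/vim": "6.3",
}

if __name__ == "__main__":
    for atom in audit(SAMPLE_INVENTORY):
        print("upgrade needed:", atom)
```

A revision such as 7.52-r1 falls between the "Vulnerable" and "Unaffected" bounds of the Opera table; the check treats it as still needing the upgrade because it sorts below 7.53.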

References

[ 1 ] CAN-2004-0649

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649

[ 2 ] Full Disclosure Report

http://seclists.org/lists/fulldisclosure/2004/Jun/0094.html

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-17.xml

