OpenTTD: Remote Denial of Service — GLSA 200609-03

The OpenTTD server is vulnerable to a remote Denial of Service.

Affected Packages

games-simulation/openttd on all architectures
Affected versions < 0.4.8
Unaffected versions >= 0.4.8

Background

OpenTTD is a clone of Transport Tycoon Deluxe.

Description

OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets.

Impact

An authenticated attacker can cause a Denial of Service by sending an invalid error number to a vulnerable OpenTTD server.

Workaround

There is no known workaround at this time.

Resolution

All OpenTTD users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.8"

References

Release Date
September 06, 2006

Latest Revision
September 06, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries