TITLE:
OpenTTD Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA39669

VERIFY ADVISORY:
http://secunia.com/advisories/39669/

DESCRIPTION:
Some vulnerabilities have been reported in OpenTTD, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service), and by malicious users to cause a DoS and potentially compromise a vulnerable system.

1) An error exists within the handling of password requests. This can be exploited to access the game without knowing the correct game password.

Successful exploitation requires that the password of one of the companies is known or that one of the companies uses an empty password.

Note: This can also be exploited to crash the server by sending a password packet as spectator.

2) Various errors within the handling of certain commands related to e.g. integer truncation can be exploited to crash the server and potentially execute arbitrary code by sending specially crafted commands to a vulnerable server.

3) A file descriptor leak can be exploited to crash the server by e.g. repeatedly initiating the download of a map and then canceling the download until the server runs out of file descriptors.

SOLUTION:
Update to version 1.0.1 or apply patches.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
1) http://security.openttd.org/en/CVE-2010-0401
2) http://security.openttd.org/en/CVE-2010-0402
3) http://security.openttd.org/en/CVE-2010-0406
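The class of bug behind item 3, a descriptor left open when a transfer is canceled, shown next to a hardened form. This is an added illustration, not code from the advisory or from OpenTTD. The function names and the use of `/dev/null` as a stand-in for the map file are assumptions.

```cpp
// Added illustration; all names are hypothetical and this is not OpenTTD's code.
#include <cstdio>
#include <fcntl.h>
#include <unistd.h>

// Count descriptors currently open in this process by probing 0..1023.
int open_fd_count() {
    int n = 0;
    for (int fd = 0; fd < 1024; ++fd)
        if (fcntl(fd, F_GETFD) != -1) ++n;
    return n;
}

// Leaky pattern: the cancel path returns without closing the map file.
bool send_map_leaky(const char *path, bool client_cancels) {
    FILE *f = std::fopen(path, "rb");
    if (f == nullptr) return false;
    if (client_cancels) return false;  // descriptor is never released
    /* ... stream the file to the client ... */
    std::fclose(f);
    return true;
}

// Hardened pattern: an owning wrapper closes the file on every exit path.
struct FileCloser {
    FILE *f;
    explicit FileCloser(FILE *fp) : f(fp) {}
    ~FileCloser() { if (f != nullptr) std::fclose(f); }
    FileCloser(const FileCloser &) = delete;
    FileCloser &operator=(const FileCloser &) = delete;
};

bool send_map_fixed(const char *path, bool client_cancels) {
    FileCloser file(std::fopen(path, "rb"));
    if (file.f == nullptr) return false;
    if (client_cancels) return false;  // destructor closes the file here
    /* ... stream the file to the client ... */
    return true;
}

// Descriptors still open after `rounds` canceled downloads.
int leaked_after(bool (*send)(const char *, bool), int rounds) {
    int before = open_fd_count();
    for (int i = 0; i < rounds; ++i) send("/dev/null", true);
    return open_fd_count() - before;
}

int main() {
    std::printf("leaky: %d, fixed: %d\n",
                leaked_after(send_map_leaky, 20), leaked_after(send_map_fixed, 20));
}
```

On a running server the same growth is visible from outside the process as a steadily rising count of entries under `/proc/<pid>/fd`, which makes it a useful metric to alert on before the descriptor limit is reached.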