FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368515
Date:      2014-09-18
Time:      19:53:09Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1ac858b0-3fae-11e1-a127-0013d3ccd9dfOpenTTD -- Denial of service (server) via slow read attack

The OpenTTD Team reports:

Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravated by the pause-on-join setting in which case the game is paused and the players cannot continue the game during such an attack. This attack requires that the user is not banned and passes the authorization to the server, although for many servers there is no server password and thus authorization is easy.


Discovery 2012-01-06
Entry 2012-01-16
openttd
ge 0.3.5 lt 1.1.5

CVE-2012-0049
http://security.openttd.org/en/CVE-2012-0049
1ac858b0-3fae-11e1-a127-0013d3ccd9dfOpenTTD -- Denial of service (server) via slow read attack

The OpenTTD Team reports:

Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravated by the pause-on-join setting in which case the game is paused and the players cannot continue the game during such an attack. This attack requires that the user is not banned and passes the authorization to the server, although for many servers there is no server password and thus authorization is easy.


Discovery 2012-01-06
Entry 2012-01-16
openttd
ge 0.3.5 lt 1.1.5

CVE-2012-0049
http://security.openttd.org/en/CVE-2012-0049
d2073237-5b52-11e3-80f7-c86000cbc6ecOpenTTD -- Denial of service using forcefully crashed aircrafts

The OpenTTD Team reports:

The problem is caused by incorrectly handling the fact that the aircraft circling the corner airport will be outside of the bounds of the map. In the 'out of fuel' crash code the height of the tile under the aircraft is determined. In this case that means a tile outside of the allocated map array, which could occasionally trigger invalid reads.


Discovery 2013-11-28
Entry 2013-11-28
openttd
ge 0.3.6 lt 1.3.3

CVE-2013-6411
https://security.openttd.org/en/CVE-2013-6411
http://bugs.openttd.org/task/5820
http://vcs.openttd.org/svn/changeset/26134
0f62be39-e8e0-11e1-bea0-002354ed89bcOpenTTD -- Denial of Service

The OpenTTD Team reports:

Denial of service (server) using ships on half tiles and landscaping.


Discovery 2012-07-25
Entry 2012-08-18
openttd
le 1.2.1

CVE-2012-3436
http://security.openttd.org/en/CVE-2012-3436