Debian Bug report logs - #382082
CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone

version graph

Package: bomberclone; Maintainer for bomberclone is Bart Martens <bartm@debian.org>; Source for bomberclone is src:bomberclone.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 8 Aug 2006 18:48:05 UTC

Severity: grave

Tags: help, patch, security

Fixed in version bomberclone/0.11.7-1

Done: Bart Martens <bartm@knars.be>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Eduard Bloch <blade@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-4006: Multiple Remote Vulnerabilities in Bomberclone
Date: Tue, 08 Aug 2006 20:44:47 +0200
Package: bomberclone
Severity: grave
Tags: security
Justification: user security hole

Multiple Vulnerabilities have been found in Bomberclone:

The do_gameinfo functionin BomberClone 0.11.6 and earlier, and
possibly other functions, does not reset the packet data size, which
causes the send_pkg function (packets.c) to use this data size when
sending a reply, and allows remote attackers to read portions of
server memory.

http://secunia.com/advisories/21303 lists 0.11.6.2 as vulnerable

See
http://aluigi.altervista.org/adv/bcloneboom-adv.txt
for details.

Please mention the CVE-id in the changelog.



Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. Full text and rfc822 format available.

Message #10 received at 382082@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: 382082@bugs.debian.org, control@bugs.debian.org
Subject: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Tue, 8 Aug 2006 20:56:54 +0200
package bomberclone
retitle 382082 CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
thanks

CVE-2006-4005 is about bomberclone, too:

BomberClone 0.11.6 and earlier allows remote attackers to cause a
denial of service (daemon crash) via (1) a certain malformed
PKGF_ackreq packet, which triggers a crash in the rscache_add()
function in pkgcache.c; and (2) an error packet, which is intended to
be received by clients and force client shutdown, but also triggers
server shutdown.



Changed Bug title. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. Full text and rfc822 format available.

Acknowledgement sent to Eduard Bloch <edi@gmx.de>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. Full text and rfc822 format available.

Message #17 received at 382082@bugs.debian.org (full text, mbox):

From: Eduard Bloch <edi@gmx.de>
To: Stefan Fritsch <sf@sfritsch.de>, 382082@bugs.debian.org
Cc: steffen@bomberclone.de
Subject: Re: Bug#382082: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Sat, 12 Aug 2006 21:23:04 +0200
tags 382082 + help
thanks

Could you give me some hints to find an appropriate solution? I am a bit
exhausted with my spare time in these days.

Eduard.

#include <hallo.h>
* Stefan Fritsch [Tue, Aug 08 2006, 08:56:54PM]:
> package bomberclone
> retitle 382082 CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
> thanks
> 
> CVE-2006-4005 is about bomberclone, too:
> 
> BomberClone 0.11.6 and earlier allows remote attackers to cause a
> denial of service (daemon crash) via (1) a certain malformed
> PKGF_ackreq packet, which triggers a crash in the rscache_add()
> function in pkgcache.c; and (2) an error packet, which is intended to
> be received by clients and force client shutdown, but also triggers
> server shutdown.
> 




Tags added: help Request was from Eduard Bloch <edi@gmx.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. Full text and rfc822 format available.

Acknowledgement sent to Julien Danjou <acid@debian.org>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. Full text and rfc822 format available.

Message #24 received at 382082@bugs.debian.org (full text, mbox):

From: Julien Danjou <acid@debian.org>
To: Eduard Bloch <edi@gmx.de>
Cc: Stefan Fritsch <sf@sfritsch.de>, 382082@bugs.debian.org, steffen@bomberclone.de
Subject: Re: Bug#382082: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Wed, 16 Aug 2006 10:28:49 +0200
[Message part 1 (text/plain, inline)]
On Sat, Aug 12, 2006 at 09:23:04PM +0200, Eduard Bloch wrote:
> tags 382082 + help
> thanks
> 
> Could you give me some hints to find an appropriate solution? I am a bit
> exhausted with my spare time in these days.

0.11.7 which fix these bugs has been released.

(If you still need help to package this version, even if I doubt, please,
just ask.)

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#382082; Package bomberclone. Full text and rfc822 format available.

Acknowledgement sent to Mohammed Adnène Trojette <adn+deb@diwi.org>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. Full text and rfc822 format available.

Message #29 received at 382082@bugs.debian.org (full text, mbox):

From: Mohammed Adnène Trojette <adn+deb@diwi.org>
To: Eduard Bloch <edi@gmx.de>
Cc: Stefan Fritsch <sf@sfritsch.de>, 382082@bugs.debian.org, steffen@bomberclone.de
Subject: Re: Bug#382082: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Date: Sat, 19 Aug 2006 18:43:25 +0200
[Message part 1 (text/plain, inline)]
On Sat, Aug 12, 2006, Eduard Bloch wrote:
> tags 382082 + help
> thanks
> 
> Could you give me some hints to find an appropriate solution? I am a bit
> exhausted with my spare time in these days.

Hi Eduard, I hope you're doing well.

Here is a NMU diff that packages the last upstream release of
bomberclone. The NMU has the following changelog:

+bomberclone (0.11.7-0.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Bugfix new upstream release
+     - fixes CVE-2006-4005 and CVE-2006-4006. (Closes: #382082)
+     - fixes high CPU usage during menus. (Closes: #308540)
+     - removes dedicated server.
+     - fixes CVE-2006-0460.
+  * Bump Standards-Version to 3.7.2.
+  * Remove integrated CVE-2006-0460.dpatch.
+  * Remove bashisms in debian/rules.
+
+ -- Mohammed Adnène Trojette <adn+deb@diwi.org>  Sat, 19 Aug 2006 18:30:21 +0200

The diff includes all that is necessary to switch from 0.11.6.2-1 to
0.11.7-0.1.

However, I won't upload it unless you agree. It would even be better if
you could do a maintainer upload.

Please check that I did not misread #308540, bomberclone's ChangeLog and
the source code, as I believe that the new upstream version fixes the
Debian bug.

You will also find all the package I built at
http://adn.diwi.org/debian-QA/bomberclone/0.11.7-0.1/

I hope this helps,
-- 
adn
Mohammed Adnène Trojette
[bomberclone-0.11.7-0.1-nmu.diff (text/plain, attachment)]

Tags added: patch Request was from Mohammed Adnène Trojette <adn+deb@diwi.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Bart Martens <bartm@knars.be>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #36 received at 382082-close@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@knars.be>
To: 382082-close@bugs.debian.org
Subject: Bug#382082: fixed in bomberclone 0.11.7-1
Date: Mon, 21 Aug 2006 01:32:11 -0700
Source: bomberclone
Source-Version: 0.11.7-1

We believe that the bug you reported is fixed in the latest version of
bomberclone, which is due to be installed in the Debian FTP archive:

bomberclone-data_0.11.7-1_all.deb
  to pool/main/b/bomberclone/bomberclone-data_0.11.7-1_all.deb
bomberclone_0.11.7-1.diff.gz
  to pool/main/b/bomberclone/bomberclone_0.11.7-1.diff.gz
bomberclone_0.11.7-1.dsc
  to pool/main/b/bomberclone/bomberclone_0.11.7-1.dsc
bomberclone_0.11.7-1_i386.deb
  to pool/main/b/bomberclone/bomberclone_0.11.7-1_i386.deb
bomberclone_0.11.7-1_sparc.deb
  to pool/main/b/bomberclone/bomberclone_0.11.7-1_sparc.deb
bomberclone_0.11.7.orig.tar.gz
  to pool/main/b/bomberclone/bomberclone_0.11.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 382082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bart Martens <bartm@knars.be> (supplier of updated bomberclone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 20 Aug 2006 12:17:29 +0200
Source: bomberclone
Binary: bomberclone-data bomberclone
Architecture: source i386 sparc all
Version: 0.11.7-1
Distribution: unstable
Urgency: low
Maintainer: Bart Martens <bartm@knars.be>
Changed-By: Bart Martens <bartm@knars.be>
Description: 
 bomberclone - free Bomberman clone
 bomberclone-data - Data files for bomberclone game
Closes: 316569 382082
Changes: 
 bomberclone (0.11.7-1) unstable; urgency=low
 .
   * New maintainer.  Closes: #316569.
   * New upstream release.  Closes: #382082.  That fixes CVE-2006-4005 and
     CVE-2006-4006.
   * debian/*: Repackaged with dh-make 0.41.
   * debian/source.lintian-overrides: Added.
   * debian/watch: Added.
Files: 
 9ffa8dc587848649bb520a2be14f984b 687 games extra bomberclone_0.11.7-1.dsc
 48a1ed3b10d4b52cae4e478e5d8af740 8024434 games extra bomberclone_0.11.7.orig.tar.gz
 accec75fed0047231641b40b30c17d71 7081 games extra bomberclone_0.11.7-1.diff.gz
 6565b5b6f6e7ae773418e23410e73be3 102064 games extra bomberclone_0.11.7-1_i386.deb
 3133cb10494edfa5c9917ecd389d23f5 7597462 games extra bomberclone-data_0.11.7-1_all.deb
 5b4bb9926f745e25d73435a9c108744a 107678 games extra bomberclone_0.11.7-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE6WcGipBneRiAKDwRArN2AJ4xU41hIgGRdo8OcVxC39nxl12DLACeLkIS
hA4VJ3mVHe5Z4gnYr/Cw0Ck=
=8LWd
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 19:49:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 15:05:01 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.