Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0048

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0048
Last Modified 27 Aug 2012 12:00:00
Published 25 Aug 2012 06:29:49
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0048

Summary

OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack.

Vulnerable Systems

Application

  • Openttd 0.3.5

  • Openttd 0.3.6

  • Openttd 0.3.7

  • Openttd 0.4.0

  • Openttd 0.4.0.1

  • Openttd 0.4.5

  • Openttd 0.4.6

  • Openttd 0.4.7

  • Openttd 0.4.8

  • Openttd 0.5.0

  • Openttd 0.5.1

  • Openttd 0.5.2

  • Openttd 0.5.3

  • Openttd 0.6.0

  • Openttd 0.6.1

  • Openttd 0.6.2

  • Openttd 0.6.2-rc1

  • Openttd 0.6.2-rc2

  • Openttd 0.6.3

  • Openttd 0.7.0

  • Openttd 0.7.1

  • Openttd 0.7.2

  • Openttd 0.7.3

  • Openttd 0.7.4

  • Openttd 0.7.5

  • Openttd 1.0.0

  • Openttd 1.0.1

  • Openttd 1.0.2

  • Openttd 1.0.3

  • Openttd 1.0.4

  • Openttd 1.0.5

  • Openttd 1.1.3

  • Openttd 1.1.4


References

MISC - http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303

MLIST - [oss-security] 20120113 Re: CVE request for OpenTTD

MLIST - [oss-security] 20120107 CVE request for OpenTTD

DEBIAN - DSA-2524

CONFIRM - http://vcs.openttd.org/svn/changeset/23764

CONFIRM - http://security.openttd.org/en/CVE-2012-0049

SECUNIA - 50137

CONFIRM - http://bugs.openttd.org/task/4955


Last Updated: 27 May 2016 11:00:18