Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3436

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3436
Last Modified 04 Jan 2013 12:00:00
Published 09 Oct 2012 02:55:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3436

Summary

OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half."

Vulnerable Systems

Application

  • Openttd 0.6.0

  • Openttd 0.6.1

  • Openttd 0.6.2

  • Openttd 0.6.3

  • Openttd 0.7.0

  • Openttd 0.7.1

  • Openttd 0.7.2

  • Openttd 0.7.3

  • Openttd 0.7.4

  • Openttd 0.7.5

  • Openttd 1.0.0

  • Openttd 1.0.1

  • Openttd 1.0.2

  • Openttd 1.0.3

  • Openttd 1.0.4

  • Openttd 1.0.5

  • Openttd 1.1.0

  • Openttd 1.1.1

  • Openttd 1.1.2

  • Openttd 1.1.3

  • Openttd 1.1.4

  • Openttd 1.1.5

  • Openttd 1.2.0

  • Openttd 1.2.1


References

XF - openttd-water-dos(77266)

BID - 54720

MLIST - [oss-security] 20120731 Re: CVE request for OpenTTD

MLIST - [oss-security] 20120728 Re: CVE request for OpenTTD

MLIST - [oss-security] 20120727 CVE request for OpenTTD

CONFIRM - http://vcs.openttd.org/svn/changeset/24449

CONFIRM - http://vcs.openttd.org/svn/changeset/24439

CONFIRM - http://security.openttd.org/en/CVE-2012-3436

SECUNIA - 50042

CONFIRM - http://bugs.openttd.org/task/5254

SUSE - openSUSE-SU-2012:1063


Last Updated: 27 May 2016 11:01:33