Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-4007

Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.

Related bugs and status

CVE-2009-4007 (Candidate) is related to these bugs:

Bug #503725: CVE-2009-4007 (DoS of OpenTTD < 0.7.5)

		In	Importance	Status
503725	CVE-2009-4007 (DoS of OpenTTD < 0.7.5)	openttd (Ubuntu)	Low	Fix Released
503725	CVE-2009-4007 (DoS of OpenTTD < 0.7.5)	openttd (Ubuntu Hardy)	Low	Won't Fix
503725	CVE-2009-4007 (DoS of OpenTTD < 0.7.5)	openttd (Ubuntu Jaunty)	Low	Won't Fix
503725	CVE-2009-4007 (DoS of OpenTTD < 0.7.5)	openttd (Ubuntu Karmic)	Low	Won't Fix
503725	CVE-2009-4007 (DoS of OpenTTD < 0.7.5)	openttd (Ubuntu Lucid)	Low	Fix Released
503725	CVE-2009-4007 (DoS of OpenTTD < 0.7.5)	openttd (Ubuntu Maverick)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009122...
CONFIRM: http://binaries.opentt...
CONFIRM: http://vcs.openttd.org...
CONFIRM: http://www.openttd.org...
BID: 37487
OSVDB: 61356
SECUNIA: 37929
VUPEN: ADV-2009-3645
FEDORA: FEDORA-2010-0135
FEDORA: FEDORA-2010-0144
SECUNIA: 37984