Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Scorched_3d | Scorched_3d | 39.1 (including) | 39.1 (including) |
| Scorched3d | Ubuntu | dapper | * |
| Scorched3d | Ubuntu | devel | * |
| Scorched3d | Ubuntu | edgy | * |
| Scorched3d | Ubuntu | feisty | * |
References
- http://aluigi.altervista.org/adv/scorchbugs-adv.txt
- http://marc.info/?l=full-disclosure\u0026m=113095941031946\u0026w=2
- http://secunia.com/advisories/17423
- http://www.gentoo.org/security/en/glsa/glsa-200511-12.xml
- http://www.osvdb.org/20468
- http://www.osvdb.org/20469
- http://www.securityfocus.com/bid/15292
- http://www.vupen.com/english/advisories/2005/2288
- http://aluigi.altervista.org/adv/scorchbugs-adv.txt
- http://marc.info/?l=full-disclosure\u0026m=113095941031946\u0026w=2
- http://secunia.com/advisories/17423
- http://www.gentoo.org/security/en/glsa/glsa-200511-12.xml
- http://www.osvdb.org/20468
- http://www.osvdb.org/20469
- http://www.securityfocus.com/bid/15292
- http://www.vupen.com/english/advisories/2005/2288