
Vulnerability Bulletins


Denial of service in Wesnoth

Vulnerability classification

Property Value
Confidence level Official
Impact Denial of service
Difficulty Expert
Required attacker level Remote access without an account to a standard service

System information

Property Value
Affected manufacturer GNU/Linux
Affected software Wesnoth < 1.2.7

Description

A vulnerability has been found in Wesnoth versions prior to 1.2.7. The vulnerability lies in an error in the multiplayer engine that also affects the truncate_message function in the file server/server.cpp.

A remote attacker could cause a denial of service by means of a large message with multibyte characters, which can produce an invalid UTF-8 string after it is truncated, leading to an unhandled exception.

Solution



Software update

Debian (DSA 1386-1)

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.dsc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.diff.gz
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-6_all.deb
Alpha
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_amd64.deb
ARM
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_ia64.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_m68k.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_m68k.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_m68k.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_sparc.deb

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.dsc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.diff.gz
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-6_all.deb
Alpha
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_amd64.deb
ARM
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_ia64.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_m68k.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_m68k.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_m68k.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_sparc.deb

Debian (DSA 1386-2)

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.dsc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.diff.gz
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-6_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-6_all.deb
Alpha
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_amd64.deb
ARM
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_ia64.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_m68k.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_m68k.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_m68k.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_sparc.deb

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2.dsc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2.diff.gz
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tsg_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ttb_1.2-2_all.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-utbs_1.2-2_all.deb
Alpha
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_alpha.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_amd64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_amd64.deb
ARM
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_arm.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_hppa.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_i386.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_ia64.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_ia64.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_mips.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_mips.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_mipsel.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_powerpc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_s390.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_sparc.deb
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_sparc.deb

Standard resources

Property Value
CVE CVE-2007-3917
BID 25995

Other resources

Debian Security Advisory (DSA 1386-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00160.html

Debian Security Advisory (DSA 1386-2)
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00161.html

Version history

Version Comments Date
1.0 Advisory issued 2007-10-16
Ministerio de Defensa
CNI
CCN
CCN-CERT