Armagetron Advanced

Tracker: Patches

9 Security fixes for denial of service attacks - ID: 1534859

Last Update: Attachment added ( z-man )

Details:

This fixes the recently discovered security problems.

0.2.8.X and 0.3.0 are affected by:
- A forged client can request too many network object
ID numbers from the client, freezing it
- A clumsy remote administrator can issue commands
that produce too much output, freezing the server

All versions are affected by:
- A forged client can send network objects with wrong
owner information, crashing/terminating the server

The patch for 0.2.6 is yet untested, the current
client can't connect to a 0.2.6 server on the LAN.

Submitted:

Manuel Moos ( z-man ) - 2006-08-04 23:34

Priority:

Status:

Open

Resolution:

None

Assigned:

Nobody/Anonymous

Category:

None

Group:

None

Visibility:

Public

Comments ( 2 )

Date: 2006-08-05 00:02 Sender: z-man Logged In: YES user_id=34808 The 0.2.6 patch was tested with an modified 0.2.6 client as the attacker and worked fine.
Date: 2006-08-04 23:35 Sender: z-man Logged In: YES user_id=34808 Patch for 0.2.7.1

Log in to comment.

Attached Files ( 3 )

Filename	Description	Download
armagetronad-0.2.6-security-1.patch	Patch for 0.2.6.X and 0.2.7.0	Download
armagetronad-0.2.8.2-security-1.patch	Patch for 0.2.8.X and 0.3.0	Download
armagetronad-0.2.7.1-security-1.patch	Patch for 0.2.7.1	Download

Changes ( 5 )

Field	Old Value	Date	By
File Added	187690: armagetronad-0.2.7.1-security-1.patch	2006-08-05 00:03	z-man
File Deleted	187685:	2006-08-05 00:03	z-man
File Added	187686: armagetronad-0.2.8.2-security-1.patch	2006-08-04 23:35	z-man
File Added	187685: armagetronad-0.2.7.1-security-1.patch	2006-08-04 23:35	z-man
File Added	187684: armagetronad-0.2.6-security-1.patch	2006-08-04 23:34	z-man

Armagetron Advanced

Tracker: Patches

Comments ( 2 )

Log in to comment.

Attached Files ( 3 )

Changes ( 5 )

About SourceForge

Find Software

Develop Software

Community

Help