Version 0.2.8.3.2 of the multiplayer lightcycle game Armagetron Advanced has been released, fixing several vulnerabilities.
The most important vulnerability let modified clients send servers into infinite loops by exploiting a bug in handling the very, very old cycle turn command protocol.
The second vulnerability allowed anyone with enough access rights to execute "/admin include" to gain owner rights on a server and take it over for as long as it kept running.
The third problem are bugs in handling too large and/or forged network packages; they may result in reads from unallocated memory and thus server crashes.
Also, the source has been adapted to compile and run with gcc 4.6; previous versions would only compile with -fpermissive and authentication requests would get stuck in infinite loops in background threads.
On top of those fixes, a couple of minor bugs were eliminated: spelling fixes, for the most part.
Log in to post a comment.