Armagetron Advanced / Patches / #4 Security fixes for denial of service attacks

#4 Security fixes for denial of service attacks

Status: open

Owner: nobody

Labels: None

Priority: 9

Updated: 2006-08-04

Created: 2006-08-04

Creator: Manuel Moos

Private: No

This fixes the recently discovered security problems.

0.2.8.X and 0.3.0 are affected by:
- A forged client can request too many network object
ID numbers from the client, freezing it
- A clumsy remote administrator can issue commands
that produce too much output, freezing the server

All versions are affected by:
- A forged client can send network objects with wrong
owner information, crashing/terminating the server

The patch for 0.2.6 is yet untested, the current
client can't connect to a 0.2.6 server on the LAN.

Discussion

Manuel Moos - 2006-08-04

Patch for 0.2.6.X and 0.2.7.0

armagetronad-0.2.6-security-1.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Manuel Moos - 2006-08-04

Logged In: YES
user_id=34808

Patch for 0.2.7.1

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Manuel Moos - 2006-08-04

Patch for 0.2.8.X and 0.3.0

armagetronad-0.2.8.2-security-1.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Manuel Moos - 2006-08-05

Logged In: YES
user_id=34808

The 0.2.6 patch was tested with an modified 0.2.6 client as
the attacker and worked fine.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Manuel Moos - 2006-08-05

Patch for 0.2.7.1

armagetronad-0.2.7.1-security-1.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Security fixes for denial of service attacks

Group

Searches

Help

#4 Security fixes for denial of service attacks

Discussion