FreeBSD : OpenTTD -- Denial of service (server) via slow read attack (1ac858b0-3fae-11e1-a127-0013d3ccd9df)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The OpenTTD Team reports :

Using a slow read type attack it is possible to prevent anyone from
joining a server with virtually no resources. Once downloading the map
no other downloads of the map can start, so downloading really slowly
will prevent others from joining. This can be further aggravated by
the pause-on-join setting in which case the game is paused and the
players cannot continue the game during such an attack. This attack
requires that the user is not banned and passes the authorization to
the server, although for many servers there is no server password and
thus authorization is easy.

See also :

http://security.openttd.org/en/CVE-2012-0049
http://www.nessus.org/u?15734f20

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57585

Bugtraq ID:

CVE ID: CVE-2012-0049
