FreeBSD : OpenTTD -- Denial of service (server/client) via invalid read (373e412e-f748-11df-96cd-0015f2db7bde)

medium Nessus Plugin ID 50699

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The OpenTTD Team reports:

When a client disconnects, without sending the 'quit' or 'client error' message, the server has a chance of reading and writing a just freed piece of memory. The writing can only happen while the server is sending the map. Depending on what happens directly after freeing the memory there is a chance of segmentation fault, and thus a denial of service.

Solution

Update the affected package.

See Also

http://security.openttd.org/en/CVE-2010-4168

http://www.nessus.org/u?321d45c9

Plugin Details

Severity: Medium

ID: 50699

File Name: freebsd_pkg_373e412ef74811df96cd0015f2db7bde.nasl

Version: 1.8

Type: local

Published: 11/24/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openttd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/23/2010

Vulnerability Publication Date: 11/20/2010

Reference Information

CVE: CVE-2010-4168