BID:39871

OpenTTD Spectator Company Password Packet Remote Denial of Service Vulnerability

Info

OpenTTD Spectator Company Password Packet Remote Denial of Service Vulnerability

Bugtraq ID:	39871
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2010-0401
Remote:	Yes
Local:	No
Published:	May 01 2010 12:00AM
Updated:	Apr 13 2015 09:27PM
Credit:	Zdenek Sojka (SmatZ); OpenTTD
Vulnerable:	OpenTTD OpenTTD 1.0 OpenTTD OpenTTD 0.7.5 OpenTTD OpenTTD 0.7.4 OpenTTD OpenTTD 0.6.3 OpenTTD OpenTTD 0.6.2 OpenTTD OpenTTD 0.6.1 OpenTTD OpenTTD 0.5.3 OpenTTD OpenTTD 0.5.1 OpenTTD OpenTTD 0.5 OpenTTD OpenTTD 0.4.7 OpenTTD OpenTTD 0.4 .0.1 OpenTTD OpenTTD 0.3.5 OpenTTD OpenTTD 0.7

Not Vulnerable:	OpenTTD OpenTTD 1.0.1

Discussion

OpenTTD Spectator Company Password Packet Remote Denial of Service Vulnerability

OpenTTD is prone to a remote denial-of-service vulnerability because it fails to handle exceptional user-supplied input.

Successfully exploiting this issue will allow remote attackers to crash the affected application, denying service to legitimate users.

Versions prior to OpenTTD 1.0.1 are vulnerable.

Exploit / POC

OpenTTD Spectator Company Password Packet Remote Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

OpenTTD Spectator Company Password Packet Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

OpenTTD OpenTTD 0.7