OpenTTD Multiple Use-after-free Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with OpenTTD and is prone to multiple denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to deny service to legitimate users or arbitrary code execution. Impact Level: System/Application

Solution

Upgrade to the latest version of OpenTTD 1.0.5 or later, For updates refer to http://www.openttd.org

Insight

The flaw is due to a use-after-free error, when a client disconnects without sending the 'quit' or 'client error' message. This could cause a vulnerable server to read from or write to freed memory leading to a denial of service or it can also lead to arbitrary code execution.

Affected

OpenTTD version before 1.0.5

References

http://security.openttd.org/en/CVE-2010-4168
http://security.openttd.org/en/patch/28.patch

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4168
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari Malformed URI Remote DoS Vulnerability (Win)
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
Crash SMC AP
Denial Of Service Vulnerability in PHP April-09

OpenTTD Multiple use-after-free Denial of Service vulnerability

Take action and discover your vulnerabilities