G'day,

The attached patch closes a security vulnerability in versions of the Netrek Vanilla Server from 2.13.0 and prior.

When assembling the SP_MOTD "message of the day" packet, which includes an 80-byte character array with a NUL termination, the server was not clearing the buffer first, and so unintentional data from the stack was also being transmitted.

No known use of this data exists at this time, but you never know.

The flaw was discovered while writing new client code to process SP_MOTD packets.

--
James Cameron
mailto:quozl at us.netrek.org
http://quozl.netrek.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: netrek-server-vanilla-2.12-security-motd.patch
Type: text/x-diff
Size: 1250 bytes
Desc: not available
Url : http://mailman.us.netrek.org/pipermail/netrek-dev/attachments/20070625/cdef13eb/attachment.patch
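The class of flaw described in the message above, shown as an added example; it is not the server's code and not the attached patch. The packet layout, the PKT_TYPE_MOTD value, the function names and the 0xAA fill that stands in for stale stack contents are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MOTD_LINE_LEN 80
#define PKT_TYPE_MOTD 1   /* placeholder, not the real protocol value */

/* Hypothetical packet layout, assumed for this example. */
struct motd_packet {
    char type;
    char pad[3];
    char line[MOTD_LINE_LEN];
};

/* Constructed stand-in for stale stack contents under the packet. */
static void fill_with_residue(struct motd_packet *p) { memset(p, 0xAA, sizeof *p); }

static void copy_line(struct motd_packet *p, const char *text) {
    size_t n = strlen(text);
    if (n >= MOTD_LINE_LEN) n = MOTD_LINE_LEN - 1;   /* leave room for NUL */
    memcpy(p->line, text, n);
    p->line[n] = '\0';
    p->type = PKT_TYPE_MOTD;
}

/* Before: bytes after the NUL and the padding keep whatever was there. */
static void build_motd_leaky(struct motd_packet *p, const char *text) { copy_line(p, text); }

/* After: clear the whole packet first, then fill it in. */
static void build_motd_fixed(struct motd_packet *p, const char *text) {
    memset(p, 0, sizeof *p);
    copy_line(p, text);
}

/* Count non-zero bytes that would go on the wire without being message text. */
static size_t residue_bytes(const struct motd_packet *p) {
    size_t i, count = 0;
    for (i = 0; i < sizeof p->pad; i++) count += p->pad[i] != 0;
    for (i = strlen(p->line) + 1; i < MOTD_LINE_LEN; i++) count += p->line[i] != 0;
    return count;
}

int main(void) {
    struct motd_packet a, b;
    fill_with_residue(&a); build_motd_leaky(&a, "Welcome");
    fill_with_residue(&b); build_motd_fixed(&b, "Welcome");
    printf("leaky: %zu residue bytes, fixed: %zu\n", residue_bytes(&a), residue_bytes(&b));
    return 0;
}
```

The same residue_bytes check can be applied on the receiving side to a captured packet to tell whether a server is sending uncleared buffers.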