MantisBT - Doomseeker
View Issue Details
0003665Doomseeker[All Projects] Documentationpublic2019-06-21 21:112019-08-01 05:01
WubTheCaptain 
 
highfeatureN/A
resolvedfixed 
1.1 
1.31.4 
0003665: Missing CVE Identifier for issue /tracker/view.php?id=3660 (remote denial of service in SRB2 engine plugin)
Pertaining to Doomseeker 1.3 changelogs, I'd like to include a CVE Identifier to refer to the remote denial of service bug in SRB2 engine. I haven't requested one, but intend to do so.
See relationships of this issue.
A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin (EP_Version 12).

References:
  • https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
  • https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
  • https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff
  • https://zandronum.com/tracker/view.php?id=3660
No tags attached.
child of 0003660closed Pol M SRB2 plugin: Mangled memory values (runtime crashes) 
eml CVE Request 712592 for CVE ID Request.eml (8,454) 2019-06-21 22:21
https://zandronum.com/tracker/file_download.php?file_id=2490&type=bug
Issue History
2019-06-21 21:11WubTheCaptainNew Issue
2019-06-21 21:11WubTheCaptainStatusnew => assigned
2019-06-21 21:11WubTheCaptainAssigned To => WubTheCaptain
2019-06-21 21:11WubTheCaptainRelationship addedchild of 0003660
2019-06-21 21:24WubTheCaptainNote Added: 0020796
2019-06-21 21:51WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=12661#r12661
2019-06-21 21:52WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=12662#r12662
2019-06-21 21:54WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=12663#r12663
2019-06-21 21:55WubTheCaptainSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=12665#r12665
2019-06-21 21:55WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=12666#r12666
2019-06-21 22:19WubTheCaptainNote Added: 0020797
2019-06-21 22:19WubTheCaptainStatusassigned => needs review
2019-06-21 22:21WubTheCaptainFile Added: CVE Request 712592 for CVE ID Request.eml
2019-06-21 22:24WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=12667#r12667
2019-06-21 22:37WubTheCaptainProduct Version1.2 => 1.1
2019-06-22 06:36FilysteaNote Added: 0020798
2019-06-22 10:28WubTheCaptainNote Deleted: 0020798
2019-06-22 11:29WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=12672#r12672
2019-06-23 02:49WubTheCaptainNote Added: 0020811
2019-06-24 22:15WubTheCaptainNote Added: 0020830
2019-06-28 17:47WubTheCaptainNote Added: 0020844
2019-06-28 17:47WubTheCaptainAssigned ToWubTheCaptain =>
2019-06-28 17:47WubTheCaptainStatusneeds review => needs testing
2019-06-28 17:47WubTheCaptainNote Edited: 0020844bug_revision_view_page.php?bugnote_id=20844#r12701
2019-06-28 20:45FilysteaNote Added: 0020845
2019-06-30 05:46ZalewaStatusneeds testing => resolved
2019-06-30 05:46ZalewaFixed in Version => 1.3
2019-06-30 05:46ZalewaResolutionopen => fixed
2019-06-30 05:46ZalewaAssigned To => Zalewa
2019-06-30 05:49ZalewaNote Deleted: 0020845
2019-07-28 01:52WubTheCaptainNote Added: 0020925
2019-07-28 01:52WubTheCaptainStatusresolved => new
2019-07-28 01:52WubTheCaptainResolutionfixed => reopened
2019-07-28 01:52WubTheCaptainFixed in Version1.3 =>
2019-07-28 01:52WubTheCaptainTarget Version1.3 =>
2019-07-28 17:19Pol MAssigned ToZalewa => Pol M
2019-07-28 17:19Pol MStatusnew => assigned
2019-07-28 17:34Pol MNote Added: 0020927
2019-07-28 17:34Pol MStatusassigned => needs review
2019-07-28 19:41Pol MNote Edited: 0020927bug_revision_view_page.php?bugnote_id=20927#r12750
2019-07-28 19:42Pol MStatusneeds review => resolved
2019-07-28 19:42Pol MFixed in Version => 1.3
2019-07-28 19:42Pol MResolutionreopened => fixed
2019-07-29 01:05WubTheCaptainNote Added: 0020930
2019-07-29 01:05WubTheCaptainAssigned ToPol M =>
2019-07-29 01:05WubTheCaptainResolutionfixed => suspended
2019-07-29 01:05WubTheCaptainFixed in Version1.3 =>
2019-08-01 05:00WubTheCaptainTarget Version => 1.4
2019-08-01 05:01WubTheCaptainResolutionsuspended => fixed
2019-08-01 05:01WubTheCaptainFixed in Version => 1.4
2019-08-01 05:01WubTheCaptainTarget Version1.4 => 1.3

Notes
(0020796)
WubTheCaptain   
2019-06-21 21:24   
As far as I know, the SRB2 engine was released with Doomseeker 1.1. The vulnerability was fixed with two commits: b9a90f1f56e704c5cbeefe83da2f9ce939920278 and ae456aac888cb794ea3292f7f99cb87d6b22a555's change to src/plugins/srb2/srb2masterclient.cpp.

If Zalewa has an intention to release a Doomseeker 1.3 beta channel update, I can reference that as a version number where the bug is first fixed (for affected versions).
(0020797)
WubTheCaptain   
2019-06-21 22:19   
CVE ID requested, waiting.
(0020811)
WubTheCaptain   
2019-06-23 02:49   
Quote from WubTheCaptain
CVE ID requested, waiting.


I am still waiting for a response, which may take until early next week (Monday-ish?).
(0020830)
WubTheCaptain   
2019-06-24 22:15   
Nothing to report yet. I'll give it few more days.
(0020844)
WubTheCaptain   
2019-06-28 17:47   
Use CVE-2019-12968.

(Someone acknowledge this issue by setting its status to resolved, thanks!)

(0020925)
WubTheCaptain   
2019-07-28 01:52   
Reopening.

This didn't make it to the changelogs of Doomseeker 1.3 stable release. What do?
(0020927)
Pol M   
2019-07-28 17:34   
(edited on: 2019-07-28 19:41)
PR
EDIT: pushed.

(0020930)
WubTheCaptain   
2019-07-29 01:05   
suspending until we have a tag for new target version/fixed in version