|Anonymous | Login | Signup for a new account||2019-07-22 05:31 UTC|
|My View | View Issues | Change Log | Roadmap | Doomseeker Issue Support Ranking | Rules | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003665||Doomseeker||[All Projects] Documentation||public||2019-06-21 21:11||2019-06-30 05:46|
|Target Version||1.3||Fixed in Version||1.3|
|Summary||0003665: Missing CVE Identifier for issue 0003660 (remote denial of service in SRB2 engine plugin)|
|Description||Pertaining to Doomseeker 1.3 changelogs, I'd like to include a CVE Identifier to refer to the remote denial of service bug in SRB2 engine. I haven't requested one, but intend to do so.|
|Steps To Reproduce||See relationships of this issue.|
|Additional Information||A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.|
The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin (EP_Version 12).
|Attached Files||CVE Request 712592 for CVE ID Request.eml [^] (8,454 bytes) 2019-06-21 22:21|
As far as I know, the SRB2 engine was released with Doomseeker 1.1. The vulnerability was fixed with two commits: b9a90f1f56e704c5cbeefe83da2f9ce939920278 and ae456aac888cb794ea3292f7f99cb87d6b22a555's change to src/plugins/srb2/srb2masterclient.cpp.
If Zalewa has an intention to release a Doomseeker 1.3 beta channel update, I can reference that as a version number where the bug is first fixed (for affected versions).
|CVE ID requested, waiting.|
Quote from WubTheCaptain
I am still waiting for a response, which may take until early next week (Monday-ish?).
|Nothing to report yet. I'll give it few more days.|
edited on: 2019-06-28 17:47
(Someone acknowledge this issue by setting its status to resolved, thanks!)
This issue is already marked as resolved.
If you feel that is not the case, please reopen it and explain why.
|Supporters:||No one explicitly supports this issue yet.|
|Opponents:||No one explicitly opposes this issue yet.|
|2019-06-21 21:11||WubTheCaptain||New Issue|
|2019-06-21 21:11||WubTheCaptain||Status||new => assigned|
|2019-06-21 21:11||WubTheCaptain||Assigned To||=> WubTheCaptain|
|2019-06-21 21:11||WubTheCaptain||Relationship added||child of 0003660|
|2019-06-21 21:24||WubTheCaptain||Note Added: 0020796|
|2019-06-21 21:51||WubTheCaptain||Additional Information Updated||View Revisions|
|2019-06-21 21:52||WubTheCaptain||Additional Information Updated||View Revisions|
|2019-06-21 21:54||WubTheCaptain||Additional Information Updated||View Revisions|
|2019-06-21 21:55||WubTheCaptain||Steps to Reproduce Updated||View Revisions|
|2019-06-21 21:55||WubTheCaptain||Additional Information Updated||View Revisions|
|2019-06-21 22:19||WubTheCaptain||Note Added: 0020797|
|2019-06-21 22:19||WubTheCaptain||Status||assigned => needs review|
|2019-06-21 22:21||WubTheCaptain||File Added: CVE Request 712592 for CVE ID Request.eml|
|2019-06-21 22:24||WubTheCaptain||Additional Information Updated||View Revisions|
|2019-06-21 22:37||WubTheCaptain||Product Version||1.2 => 1.1|
|2019-06-22 06:36||Filystea||Note Added: 0020798|
|2019-06-22 10:28||WubTheCaptain||Note Deleted: 0020798|
|2019-06-22 11:29||WubTheCaptain||Additional Information Updated||View Revisions|
|2019-06-23 02:49||WubTheCaptain||Note Added: 0020811|
|2019-06-24 22:15||WubTheCaptain||Note Added: 0020830|
|2019-06-28 17:47||WubTheCaptain||Note Added: 0020844|
|2019-06-28 17:47||WubTheCaptain||Assigned To||WubTheCaptain =>|
|2019-06-28 17:47||WubTheCaptain||Status||needs review => needs testing|
|2019-06-28 17:47||WubTheCaptain||Note Edited: 0020844||View Revisions|
|2019-06-28 20:45||Filystea||Note Added: 0020845|
|2019-06-30 05:46||Zalewa||Status||needs testing => resolved|
|2019-06-30 05:46||Zalewa||Fixed in Version||=> 1.3|
|2019-06-30 05:46||Zalewa||Resolution||open => fixed|
|2019-06-30 05:46||Zalewa||Assigned To||=> Zalewa|
|2019-06-30 05:49||Zalewa||Note Deleted: 0020845|
Questions or other issues? Contact Us.
|Copyright © 2000 - 2019 MantisBT Team|