Zandronum Chat @ irc.zandronum.com
#zandronum
Get the latest version: 3.0
Source Code

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003665Doomseeker[All Projects] Documentationpublic2019-06-21 21:112019-08-01 05:01
ReporterWubTheCaptain 
Assigned To 
PriorityhighSeverityfeatureReproducibilityN/A
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version1.1 
Target Version1.3Fixed in Version1.4 
Summary0003665: Missing CVE Identifier for issue 0003660 (remote denial of service in SRB2 engine plugin)
DescriptionPertaining to Doomseeker 1.3 changelogs, I'd like to include a CVE Identifier to refer to the remote denial of service bug in SRB2 engine. I haven't requested one, but intend to do so.
Steps To ReproduceSee relationships of this issue.
Additional InformationA vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin (EP_Version 12).

References:
  • https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
  • https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
  • https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff
  • https://zandronum.com/tracker/view.php?id=3660
Attached Fileseml file icon CVE Request 712592 for CVE ID Request.eml [^] (8,454 bytes) 2019-06-21 22:21

- Relationships
child of 0003660closedPol M SRB2 plugin: Mangled memory values (runtime crashes) 

-  Notes
User avatar (0020796)
WubTheCaptain (developer)
2019-06-21 21:24

As far as I know, the SRB2 engine was released with Doomseeker 1.1. The vulnerability was fixed with two commits: b9a90f1f56e704c5cbeefe83da2f9ce939920278 and ae456aac888cb794ea3292f7f99cb87d6b22a555's change to src/plugins/srb2/srb2masterclient.cpp.

If Zalewa has an intention to release a Doomseeker 1.3 beta channel update, I can reference that as a version number where the bug is first fixed (for affected versions).
User avatar (0020797)
WubTheCaptain (developer)
2019-06-21 22:19

CVE ID requested, waiting.
User avatar (0020811)
WubTheCaptain (developer)
2019-06-23 02:49

Quote from WubTheCaptain
CVE ID requested, waiting.


I am still waiting for a response, which may take until early next week (Monday-ish?).
User avatar (0020830)
WubTheCaptain (developer)
2019-06-24 22:15

Nothing to report yet. I'll give it few more days.
User avatar (0020844)
WubTheCaptain (developer)
2019-06-28 17:47
edited on: 2019-06-28 17:47

Use CVE-2019-12968.

(Someone acknowledge this issue by setting its status to resolved, thanks!)

User avatar (0020925)
WubTheCaptain (developer)
2019-07-28 01:52

Reopening.

This didn't make it to the changelogs of Doomseeker 1.3 stable release. What do?
User avatar (0020927)
Pol M (developer)
2019-07-28 17:34
edited on: 2019-07-28 19:41

PR
EDIT: pushed.

User avatar (0020930)
WubTheCaptain (developer)
2019-07-29 01:05

suspending until we have a tag for new target version/fixed in version

Issue Community Support
This issue is already marked as resolved.
If you feel that is not the case, please reopen it and explain why.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2019-06-21 21:11 WubTheCaptain New Issue
2019-06-21 21:11 WubTheCaptain Status new => assigned
2019-06-21 21:11 WubTheCaptain Assigned To => WubTheCaptain
2019-06-21 21:11 WubTheCaptain Relationship added child of 0003660
2019-06-21 21:24 WubTheCaptain Note Added: 0020796
2019-06-21 21:51 WubTheCaptain Additional Information Updated View Revisions
2019-06-21 21:52 WubTheCaptain Additional Information Updated View Revisions
2019-06-21 21:54 WubTheCaptain Additional Information Updated View Revisions
2019-06-21 21:55 WubTheCaptain Steps to Reproduce Updated View Revisions
2019-06-21 21:55 WubTheCaptain Additional Information Updated View Revisions
2019-06-21 22:19 WubTheCaptain Note Added: 0020797
2019-06-21 22:19 WubTheCaptain Status assigned => needs review
2019-06-21 22:21 WubTheCaptain File Added: CVE Request 712592 for CVE ID Request.eml
2019-06-21 22:24 WubTheCaptain Additional Information Updated View Revisions
2019-06-21 22:37 WubTheCaptain Product Version 1.2 => 1.1
2019-06-22 06:36 Filystea Note Added: 0020798
2019-06-22 10:28 WubTheCaptain Note Deleted: 0020798
2019-06-22 11:29 WubTheCaptain Additional Information Updated View Revisions
2019-06-23 02:49 WubTheCaptain Note Added: 0020811
2019-06-24 22:15 WubTheCaptain Note Added: 0020830
2019-06-28 17:47 WubTheCaptain Note Added: 0020844
2019-06-28 17:47 WubTheCaptain Assigned To WubTheCaptain =>
2019-06-28 17:47 WubTheCaptain Status needs review => needs testing
2019-06-28 17:47 WubTheCaptain Note Edited: 0020844 View Revisions
2019-06-28 20:45 Filystea Note Added: 0020845
2019-06-30 05:46 Zalewa Status needs testing => resolved
2019-06-30 05:46 Zalewa Fixed in Version => 1.3
2019-06-30 05:46 Zalewa Resolution open => fixed
2019-06-30 05:46 Zalewa Assigned To => Zalewa
2019-06-30 05:49 Zalewa Note Deleted: 0020845
2019-07-28 01:52 WubTheCaptain Note Added: 0020925
2019-07-28 01:52 WubTheCaptain Status resolved => new
2019-07-28 01:52 WubTheCaptain Resolution fixed => reopened
2019-07-28 01:52 WubTheCaptain Fixed in Version 1.3 =>
2019-07-28 01:52 WubTheCaptain Target Version 1.3 =>
2019-07-28 17:19 Pol M Assigned To Zalewa => Pol M
2019-07-28 17:19 Pol M Status new => assigned
2019-07-28 17:34 Pol M Note Added: 0020927
2019-07-28 17:34 Pol M Status assigned => needs review
2019-07-28 19:41 Pol M Note Edited: 0020927 View Revisions
2019-07-28 19:42 Pol M Status needs review => resolved
2019-07-28 19:42 Pol M Fixed in Version => 1.3
2019-07-28 19:42 Pol M Resolution reopened => fixed
2019-07-29 01:05 WubTheCaptain Note Added: 0020930
2019-07-29 01:05 WubTheCaptain Assigned To Pol M =>
2019-07-29 01:05 WubTheCaptain Resolution fixed => suspended
2019-07-29 01:05 WubTheCaptain Fixed in Version 1.3 =>
2019-08-01 05:00 WubTheCaptain Target Version => 1.4
2019-08-01 05:01 WubTheCaptain Resolution suspended => fixed
2019-08-01 05:01 WubTheCaptain Fixed in Version => 1.4
2019-08-01 05:01 WubTheCaptain Target Version 1.4 => 1.3






Questions or other issues? Contact Us.

Links


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker