Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-0401

OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.

Related bugs and status

CVE-2010-0401 (Candidate) is related to these bugs:

Bug #576396: Please update to 1.0.3

Summary				In	Importance	Status
	576396	Please update to 1.0.3		openttd (Ubuntu)	Medium	Fix Released

Bug #578152: [add to repository] OpenTTD

Summary				In	Importance	Status
	578152	[add to repository] OpenTTD		GetDeb Software Portal	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.openttd.or...
CONFIRM: http://security.opentt...
SECUNIA: 39669