In association with heise online

05 September 2011, 17:06

OpenTTD vulnerabilities could allow remote code execution

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Open TTD logo The OpenTTD developers have discovered three security issues in the open source game based on MicroProse's Transport Tycoon Deluxe. One issue, a buffer overflow in save games, makes it possible to crash the game and possibly cause the execution of arbitrary code; the bug has been present since version 0.1.0.

In another issue, improperly validated commands from the server can create a denial of service. The third issue involves buffer overflows when validating external data read from the local filesystem; this could lead to arbitrary code execution. All three bugs are due to be fixed in an upcoming 1.1.3 release; a release candidate for that version is available. OpenTTD is licensed under the GPLv2.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit