Debian Security Advisory

DSA-127-1 xpilot-server -- remote buffer overflow

Date Reported:
17 Apr 2002
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 4534.
In Mitre's CVE dictionary: CVE-2002-0179.
More information:

An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running.

This has been fixed in upstream version 4.5.1 and version 4.1.0-4.U.4alpha2.4.potato1 of the Debian package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Architecture-independent component:
Intel IA-32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.