CVE-2009-4007 : Unspecified vulnerability in the NormaliseTrainConsist function in src/train

Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.

Published 2009-12-28 19:30:00

Updated 2010-03-26 05:34:57

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2009-4007

Openttd » Openttd
Versions up to, including, (<=) 0.7.4
cpe:2.3:a:openttd:openttd:*:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.1.1
cpe:2.3:a:openttd:openttd:0.1.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.1
cpe:2.3:a:openttd:openttd:0.3.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.2
cpe:2.3:a:openttd:openttd:0.3.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.1.2
cpe:2.3:a:openttd:openttd:0.1.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.1.3
cpe:2.3:a:openttd:openttd:0.1.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.2.1
cpe:2.3:a:openttd:openttd:0.3.2.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.3
cpe:2.3:a:openttd:openttd:0.3.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.1.4
cpe:2.3:a:openttd:openttd:0.1.4:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.2.0
cpe:2.3:a:openttd:openttd:0.2.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.4
cpe:2.3:a:openttd:openttd:0.3.4:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.5
cpe:2.3:a:openttd:openttd:0.3.5:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.2.1
cpe:2.3:a:openttd:openttd:0.2.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.0
cpe:2.3:a:openttd:openttd:0.3.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.6
cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.0
cpe:2.3:a:openttd:openttd:0.4.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.0.1
cpe:2.3:a:openttd:openttd:0.4.0.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.3.7
cpe:2.3:a:openttd:openttd:0.3.7:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.5
cpe:2.3:a:openttd:openttd:0.4.5:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.6
cpe:2.3:a:openttd:openttd:0.4.6:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.7
cpe:2.3:a:openttd:openttd:0.4.7:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta1
cpe:2.3:a:openttd:openttd:0.6.0:beta1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta5
cpe:2.3:a:openttd:openttd:0.6.0:beta5:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.1 Update RC1
cpe:2.3:a:openttd:openttd:0.6.1:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3 Update RC1
cpe:2.3:a:openttd:openttd:0.5.3:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC5
cpe:2.3:a:openttd:openttd:0.5.0:rc5:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC2
cpe:2.3:a:openttd:openttd:0.5.0:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1
cpe:2.3:a:openttd:openttd:0.5.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.8 Update RC1
cpe:2.3:a:openttd:openttd:0.4.8:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0
cpe:2.3:a:openttd:openttd:0.6.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta4
cpe:2.3:a:openttd:openttd:0.6.0:beta4:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update RC1
cpe:2.3:a:openttd:openttd:0.6.0:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.2 Update RC1
cpe:2.3:a:openttd:openttd:0.5.2:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3 Update RC2
cpe:2.3:a:openttd:openttd:0.5.3:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1 Update RC2
cpe:2.3:a:openttd:openttd:0.5.1:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0
cpe:2.3:a:openttd:openttd:0.5.0:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.8 Update RC2
cpe:2.3:a:openttd:openttd:0.4.8:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3
cpe:2.3:a:openttd:openttd:0.5.3:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.1 Update RC2
cpe:2.3:a:openttd:openttd:0.6.1:rc2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.3 Update RC3
cpe:2.3:a:openttd:openttd:0.5.3:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC1
cpe:2.3:a:openttd:openttd:0.5.0:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC3
cpe:2.3:a:openttd:openttd:0.5.0:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.4.8
cpe:2.3:a:openttd:openttd:0.4.8:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta2
cpe:2.3:a:openttd:openttd:0.6.0:beta2:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.0 Update Beta3
cpe:2.3:a:openttd:openttd:0.6.0:beta3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.2
cpe:2.3:a:openttd:openttd:0.5.2:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.0 Update RC4
cpe:2.3:a:openttd:openttd:0.5.0:rc4:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1 Update RC3
cpe:2.3:a:openttd:openttd:0.5.1:rc3:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.5.1 Update RC1
cpe:2.3:a:openttd:openttd:0.5.1:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.1
cpe:2.3:a:openttd:openttd:0.6.1:*:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2 Update RC1
cpe:2.3:a:openttd:openttd:0.6.2:rc1:*:*:*:*:*:*
Matching versions
Openttd » Openttd » Version: 0.6.2 Update RC2
cpe:2.3:a:openttd:openttd:0.6.2:rc2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-4007

EPSS FAQ

1.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-4007

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2009-4007

http://binaries.openttd.org/releases/0.7.5/changelog.txt
http://www.openttd.org/en/news/112

OpenTTD | 404 - Page Not Found
Patch;Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033754.html

403 Forbidden
http://vcs.openttd.org/svn/changeset/18462/trunk/src/train_cmd.cpp
http://www.vupen.com/english/advisories/2009/3645

Site en construction
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033896.html

403 Forbidden
http://www.securityfocus.com/bid/37487
http://www.openwall.com/lists/oss-security/2009/12/24/1

oss-security - OpenTTD remote DoS

Jump to

Vulnerability Details : CVE-2009-4007

Products affected by CVE-2009-4007

Exploit prediction scoring system (EPSS) score for CVE-2009-4007

CVSS scores for CVE-2009-4007

References for CVE-2009-4007