Gentoo Security Advisory GLSA 200603-10 (cube) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200603-10.

Solution

Upstream stated that there will be no fixed version of Cube, thus the Gentoo Security Team decided to hardmask Cube for security reasons. All Cube users are encouraged to uninstall Cube: # emerge --ask --unmerge games-fps/cube http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-10 http://bugs.gentoo.org/show_bug.cgi?id=125289

Insight

Cube is vulnerable to a buffer overflow, invalid memory access and remote client crashes, possibly leading to a Denial of Service or remote code execution.

Severity

Classification

CVE CVE-2006-1100, CVE-2006-1101, CVE-2006-1102

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200407-02 (Kernel)
Gentoo Security Advisory GLSA 200408-12 (gaim)
Gentoo Security Advisory GLSA 200405-02 (lha)
Gentoo Security Advisory GLSA 200408-01 (MPlayer)
Gentoo Security Advisory GLSA 200407-23 (SoX)

Take action and discover your vulnerabilities