CVE-2011-4620

Publication date 31 December 2011

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
plib	11.10 oneiric	Fixed 1.8.5-5+squeeze1build0.11.10.1
	11.04 natty	Fixed 1.8.5-5+squeeze1build0.11.04.1
	10.10 maverick	Fixed 1.8.5-5+squeeze1build0.10.10.1
	10.04 LTS lucid	Fixed 1.8.5-5+squeeze1build0.10.04.1
	8.04 LTS hardy	Ignored
torcs	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?

Notes

tyhicks

The flaw is only in plib, which is used by torcs.

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.exploit-db.com/exploits/18258/
http://openwall.com/lists/oss-security/2011/12/21/2
https://www.cve.org/CVERecord?id=CVE-2011-4620