GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Apr 22, 2006 8:26 pm Post subject: [ GLSA 200604-11 ] Crossfire server: Denial of Service and p |
|
|
Gentoo Linux Security Advisory
Title: Crossfire server: Denial of Service and potential arbitrary code execution (GLSA 200604-11)
Severity: high
Exploitable: remote
Date: April 22, 2006
Bug(s): #126169
ID: 200604-11
Synopsis
The Crossfire game server is vulnerable to a Denial of Service and
potentially to the execution of arbitrary code.
Background
Crossfire is a cooperative multiplayer graphical adventure and
role-playing game. The Crossfire game server allows various compatible
clients to connect to participate in a cooperative game.
Affected Packages
Package: games-server/crossfire-server
Vulnerable: < 1.9.0
Unaffected: >= 1.9.0
Architectures: All supported architectures
Description
Luigi Auriemma discovered a vulnerability in the Crossfire game
server, in the handling of the "oldsocketmode" option when processing
overly large requests.
Impact
An attacker can set up a malicious Crossfire client that would
send a large request in "oldsocketmode", resulting in a Denial of
Service on the Crossfire server and potentially in the execution of
arbitrary code on the server with the rights of the game server.
Workaround
There is no known workaround at this time.
Resolution
All Crossfire server users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=games-server/crossfire-server-1.9.0" |
References
CVE-2006-1010
Last edited by GLSA on Sat Feb 02, 2013 4:22 am; edited 7 times in total |
|