Roger Wilco information disclosure

roger-wilco-obtain-information (15816) The risk level is classified as MediumMedium Risk

Description:

Roger Wilco and Roger Wilco Base Station could allow a remote attacker to obtain sensitive information, caused by a vulnerability when a client joins a channel on a vulnerable server. A remote attacker could use this vulnerability to obtain sensitive information, including the IDs and IP addresses of other users.


Consequences:

Obtain Information

Remedy:

No remedy available as of July 9, 2011.

References:

  • BugTraq Mailing List, Mar 31 2004 - 14:11:46 CST : RogerWilco: new funny bugs.
  • BID-10024: Roger Wilco Information Disclosure Vulnerability
  • BID-10025: Roger Wilco Server Unauthorized Audio Stream Denial Of Service Vulnerability
  • BID-10026: ADA IMGSVR Remote Directory Listing Vulnerability
  • BID-10027: ADA IMGSVR Remote File Download Vulnerability
  • BID-10028: OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability
  • BID-1003: FTPx FTP Explorer Weak Password Encryption Vulnerability
  • BID-10033: HAHTsite Scenario Server Project File Name Buffer Overrun Vulnerability
  • BID-10036: Macromedia Dreamweaver Remote User Database Access Vulnerability
  • CVE-2004-2450: The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information.
  • SA11270: Roger Wilco Multiple Vulnerabilities

Platforms Affected:

  • GameSpy Roger Wilco Dedicated Server for Win32 0.30a and prior
  • GameSpy Roger Wilco Graphical Server 1.4.1.6 and prior

Reported:

Apr 04, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page