aGSM response buffer overflow
| agsm-response-bo (17046) |  High Risk |
Description:
aGSM is vulnerable to a buffer overflow, caused by improper validation of responses from the Half-Life server. By sending a specially-crafted response to aGSM, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Platforms Affected:
- altSoft, aGSM 2.35c and 2.51c
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- aGSM Web site, alternative Game Server Monitor - free online games, multiplayer game servers finding tool at http://www.agsm.net.
- BID-10989: aGSM Half-Life Server Info Response Buffer Overflow Vulnerability
- CVE-2004-2277: Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response.
- OSVDB ID: 9072: aGSM Half-Life Server Response Remote Overflow
- SA12334: aGSM Buffer Overflow Vulnerability
- SECTRACK ID: 1010989: aGSM Buffer Overflow in Processing Half-Life Server Responses May Let Remote Users Execute Arbitrary Code
Reported:
Aug 19, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net