FUN labs games UDP denial of service
| funlabs-games-upd-dos (19762) |  Medium Risk |
Description:
FUN labs is vulnerable to a denial of service attack. A remote attacker could send a specially-crafted UDP packet to the gaming server to cause the server to stop accepting packets resulting in a denial of service.
Games affected by this vulnerability include: 4X4 Off-road Adventure III, Cabela's Big Game Hunter 2004 Season, Cabela's Big Game Hunter 2005, Cabela's Dangerous Hunts, Cabela's Deer Hunt 2005 Season, Revolution, Secret Service - In harm's Way, Shadow Force: Razor Unit, and US Most Wanted: Nowhere To Hide. Other games may also be affected.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- 4X4 Off-road Adventure III Web site: 4X4 Off-road Adventure III.
- Cabela's Big Game Hunter 2004 Season Web site: Cabela's Big Game Hunter 2004 Season.
- Cabela's Big Game Hunter 2005 Web site: Cabela's Games :: Cabela's Big Game Hunter 2005 Adventure.
- Cabela's Dangerous Hunts Web site: Cabela's Games :: Cabela's Dangerous Hunts.
- Cabela's Deer Hunt 2005 Season: Cabela's Games :: Cabela's Big Game Hunter 2005 Adventure.
- Revolution Web site: Revolution.
- Secret Service - In harm's Way Web site: Secret Service - In harm's Way.
- Shadow Force: Razor Unit Web site: Shadow Force: Razor Unit.
- US Most Wanted: Nowhere To Hide Web site: US Most Wanted: Nowhere To Hide.
- BID-12862: FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities
- CVE-2005-0848: Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl.
- CVE-2005-0849: Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet.
- SA14638: FUN labs Various Games Denial of Service Vulnerabilities
- SECTRACK ID: 1013492: FUN labs Games Can Be Crashed By Remote Users
Platforms Affected:
- FUN labs 4X4 Off-road Adventure III
- FUN labs Cabela's Big Game Hunter 2004 Season
- FUN labs Cabela's Big Game Hunter 2005 Adventure
- FUN labs Cabela's Dangerous Hunts
- FUN labs Cabela's Deer Hunt 2005 Season
- FUN labs Revolution
- FUN labs Secret Service - In harm's Way Web site
- FUN labs Shadow Force: Razor Unit
- FUN labs US Most Wanted: Nowhere To Hide
Reported:
Mar 21, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net