RakNet communication denial of service
raknet-communication-dos (20905)
Description:
RakNet is vulnerable to a denial of service attack caused by a flaw in its communication handling. A remote attacker could send an empty (zero-byte) UDP datagram to cause the server to enter an infinite loop, resulting in a denial of service.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of RakNet (2.33 dated 2005-05-30 or later), available from the RakNet Download Web page. See References.
References:
- Luigi Auriemma: Raknet network library.
- Luigi Auriemma: Denial of Service in Unity 2.61.
- RakNet Download Web page: Rakkarsoft.
- Unity Technologies Web site: UNITY: Game Development Tool.
- BID-13862: Rakkarsoft RakNet Remote Denial of Service Vulnerability
- CVE-2005-1899: Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet.
- SA15597: RakNet Empty UDP Datagram Denial of Service Vulnerability
- SA39097: Unity Two Denial of Service Vulnerabilities
- SECTRACK ID: 1014111: RakNet Lets Remote Users Freeze the System With a Zero Byte UDP Packet
Platforms Affected:
- Rakkarsoft RakNet 2.33-prior 5/30/05
- Unity Technologies Unity 2.61
Reported:
Jun 06, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
