RakNet communication denial of service
raknet-communication-dos (20905)
Description:
RakNet is vulnerable to a denial of service caused by a flaw in its communication handling. A remote attacker could send an empty (zero-byte) UDP datagram to cause the server to enter an infinite loop, resulting in a denial of service.
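As an added illustration (not RakNet's code, which this entry does not show), the following C sketch drains a datagram socket so that a zero-length datagram is consumed as a valid empty packet and the work per call is bounded. The names `drain_datagrams`, `drain_stats`, `demo` and `MAX_PER_TICK` are hypothetical, and a local `AF_UNIX` datagram socket pair stands in for UDP so the demo runs offline.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_PER_TICK 64 /* hypothetical hard bound on datagrams handled per call */

struct drain_stats { int empty; int data; int error; };

/* Drain pending datagrams without blocking. For datagram sockets a return
 * of 0 from recv() means "one empty datagram was consumed", not "no data"
 * and not "peer closed". Only EAGAIN/EWOULDBLOCK means the queue is empty. */
static int drain_datagrams(int fd, struct drain_stats *st)
{
    unsigned char buf[1500];
    for (int i = 0; i < MAX_PER_TICK; i++) {
        ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
        if (n < 0) {
            if (errno == EINTR) continue;            /* retry, still bounded by i */
            if (errno == EAGAIN || errno == EWOULDBLOCK) return 0; /* drained */
            st->error++;
            return -1;                                /* real socket error */
        }
        if (n == 0) { st->empty++; continue; }        /* empty datagram: count, drop */
        st->data++;                                   /* a server would parse buf[0..n) here */
    }
    return 0; /* bound reached; caller polls again on the next tick */
}

/* Constructed demo: empty, 3-byte, empty datagrams over a local socket pair. */
static struct drain_stats demo(void)
{
    struct drain_stats st = {0, 0, 0};
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) { st.error = 1; return st; }
    send(sv[0], "", 0, 0);
    send(sv[0], "abc", 3, 0);
    send(sv[0], "", 0, 0);
    drain_datagrams(sv[1], &st);
    close(sv[0]);
    close(sv[1]);
    return st;
}

int main(void)
{
    struct drain_stats st = demo();
    printf("empty=%d data=%d error=%d\n", st.empty, st.data, st.error);
    return 0;
}
```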
Platforms Affected:
- Rakkarsoft, RakNet 2.33 and earlier (releases prior to 5/30/05)
Remedy:
Upgrade to the latest version of RakNet (2.33 dated 2005-05-30 or later), available from the RakNet Download Web page. See References.
Consequences:
Denial of Service
References:
- Luigi Auriemma, Raknet network library at http://aluigi.altervista.org/adv/rakzero-adv.txt.
- RakNet Download Web page, Rakkarsoft at http://www.rakkarsoft.com/#Downloads.
- BID-13862: Rakkarsoft RakNet Remote Denial of Service Vulnerability
- CVE-2005-1899: Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet.
- SA15597: RakNet Empty UDP Datagram Denial of Service Vulnerability
- SECTRACK ID: 1014111: RakNet Lets Remote Users Freeze the System With a Zero Byte UDP Packet
Reported:
Jun 06, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
