Ventrilo status packets denial of service
ventrilo-status-dos (21996)
Description:
Ventrilo is vulnerable to a denial of service attack. A remote attacker could cause a denial of service by sending a specially crafted status packet that contains less data than the query headers expect.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- Full-Disclosure Mailing List, Tue Aug 23 2005 - 13:22:17 CDT: Server crash in Ventrilo 2.3.0.
- Ventrilo Web site: Ventrilo Surround Sound Voice Communication Software.
- BID-14644: Ventrilo Status Requests Denial Of Service Vulnerability
- CVE-2005-2719: Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784.
- SA16551: Ventrilo Server Denial of Service Vulnerability
- SECTRACK ID: 1014784: Ventrilo Service Can Be Crashed By Remote Users
Platforms Affected:
- Apple Mac OS PowerPC
- Flagship Industries Ventrilo 2.1.2 - 2.3.0
- FreeBSD FreeBSD
- NetBSD NetBSD
- Sun Solaris 10 SPARC
- Sun Solaris 7.0 SPARC
- Sun Solaris 8 SPARC
- Sun Solaris 9 SPARC
- Sun Solaris x86
Reported:
Aug 23, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
