Sauerbraten engine/server.cpp denial of service
| sauerbraten-engineserver-dos (25087) |  Medium Risk |
Description:
Sauerbraten is vulnerable to a denial of service attack by input sent to the engine/server.cpp file. Attempted client connections that time out before connecting to the server could cause the server to use more memory than normally allocated to this function and cause a denial of service condition on the server.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of Sauerbraten Game Engine, available from the Sauerbraten Game Engine Web site. See References.
References:
- BugTraq Mailing List, Mon Mar 06 2006 - 14:29:51 CST : Multiple vulnerabilities in Sauerbraten engine 2006_02_28.
- Sauerbraten Game Engine Web site: Sauerbraten Game Engine.
- SourceForge.net: sauerbraten game engine.
- BID-16986: Sauerbraten Multiple Remote Vulnerabilities
- CVE-2006-1103: engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference.
- VUPEN/ADV-2006-0848: Sauerbraten Memory Corruption and Denial of Service Vulnerabilities
Platforms Affected:
- Sauerbraten Game Engine Sauerbraten Game Engine 2006_02_28
Reported:
Mar 06, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net