GGZ Gaming Zone XML denial of service
ggzgaminzone-xml-dos (25164)
Description:
GGZ Gaming Zone is vulnerable to a denial of service caused by improper handling of malformed XML data. A remote attacker could join with a nickname within single quotes, a nickname over 16 characters, or a long text message to cause the client to be disconnected from the server.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- GGZ Gaming Zone Web site: GGZ Gaming Zone.
- BID-17094: GGZ Gaming Zone Multiple Denial Of Service Vulnerabilities
- CVE-2006-1275: GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER XML tag, (2) joining with a long ID attribute or non-trailing ' characters, which causes a <none> name to be assigned, and then disconnecting, or (3) a long CDATA message attribute, which prevents closing tags from being added to the string.
- OSVDB ID: 23848: GGZ Gaming Zone Crafted XML DoS
- SA19212: GGZ Gaming Zone XML Handling Denial of Service
- VUPEN/ADV-2006-0935: GGZ Gaming Zone XML Data Handling Remote Denial of Service Vulnerability
Platforms Affected:
- GGZ GGZ Gaming Zone 0.0.12 and prior
Reported:
Mar 13, 2006
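The three inputs in the CVE entry come down to unescaped attribute text and silent truncation when the XML string is built. The sketch below is an added example, not GGZ code: it escapes the ID value, enforces the 16-character nickname limit, and rejects a tag that would be cut off. The `<PLAYER ID='...'/>` layout and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ID_LEN 16   /* nickname limit named in the advisory */
static const char SPECIAL[] = "'\"&<>";
static const char *const ENTITY[] = { "&apos;", "&quot;", "&amp;", "&lt;", "&gt;" };

/* Escape s for a quoted XML attribute value. Returns the length, or -1 if it will not fit. */
static int xml_escape_attr(const char *s, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return -1;
    for (; *s; s++) {
        const char *hit = strchr(SPECIAL, *s);
        const char *rep = hit ? ENTITY[hit - SPECIAL] : s;
        size_t len = hit ? strlen(rep) : 1;
        if (n + len >= outsz)
            return -1;                  /* refuse rather than truncate */
        memcpy(out + n, rep, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Build the assumed PLAYER tag; -1 if the ID is empty or too long, or the tag will not fit. */
static int build_player_tag(const char *id, char *out, size_t outsz)
{
    char esc[MAX_ID_LEN * 6 + 1];       /* worst case: every char becomes &apos; */
    size_t idlen = strlen(id);
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    if (idlen == 0 || idlen > MAX_ID_LEN || xml_escape_attr(id, esc, sizeof esc) < 0)
        return -1;
    int n = snprintf(out, outsz, "<PLAYER ID='%s'/>", esc);
    if (n > 0 && (size_t)n < outsz)
        return 0;
    out[0] = '\0';                      /* truncated: never leave an unclosed tag */
    return -1;
}

int main(void)
{
    char tag[128];                      /* "bob'" is a constructed sample nickname */
    puts(build_player_tag("bob'", tag, sizeof tag) == 0 ? tag : "rejected");
    return 0;
}
```

Rejecting the input before anything is sent keeps a malformed or unterminated element from ever reaching the peer's XML parser.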
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
