Alien Arena cmd_say_f buffer overflow
alien-cmd-sa-f-bo (25200)
Description:
Alien Arena 2006 Gold Edition is vulnerable to a stack-based buffer overflow in the g_cmds.c file, caused by improper bounds checking in the cmd_say_f function. By sending a message to the server using an overly long nickname, a remote attacker could overflow a buffer and execute arbitrary code on the Alien Arena 2006 game server.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- Full-Disclosure Mailing List, Tue Mar 07 2006 - 11:48:01 CST: Multiple vulnerabilities in Alien Arena 2006 GE 5.00.
- Red Planet Arena Web site: Red Planet Arena.
- BID-17028: Alien Arena 2006 GE Multiple Remote Vulnerabilities
- CVE-2006-1146: Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server.
- OSVDB ID: 23748: Alien Arena 2006 Gold Edition g_cmds.c Cmd_Say_f Remote Overflow
- SA19144: Alien Arena 2006 Gold Edition Multiple Vulnerabilities
- VUPEN/ADV-2006-0882: Alien Arena 2006 Gold Edition Multiple Remote Code Execution Vulnerabilities
Platforms Affected:
- Red Planet Arena Alien Arena 5.00 2006 Gold
Reported:
Mar 07, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
