Alien Arena com_sprintf denial of service
| alien-com-sprintf-dos (25201) |  Medium Risk |
Description:
Alien Arena 2006 Gold Edition is vulnerable to a denial of service attack, caused by a vulnerability in the com_sprintf function in q_shared.c. If a remote attacker logs in to the game server using an overly long skin, weapon, or model name, the attacker could cause the systems of other clients who are logged into the game server to crash.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- Full-Disclosure Mailing List, Tue Mar 07 2006 - 11:48:01 CST : Multiple vulnerabilities in Alien Arena 2006 GE 5.00.
- Red Planet Arena Web site: Red Planel Arena.
- BID-17028: Alien Arena 2006 GE Multiple Remote Vulnerabilities
- CVE-2006-1147: The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name.
- OSVDB ID: 23749: Alien Arena 2006 Gold Edition Com_sprintf() Function Long Skin DoS
- SA19144: Alien Arena 2006 Gold Edition Multiple Vulnerabilities
- VUPEN/ADV-2006-0882: Alien Arena 2006 Gold Edition Multiple Remote Code Execution Vulnerabilities
Platforms Affected:
- Red Planet Arena Alien Arena 5.00 2006 Gold
Reported:
Mar 07, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net