netPanzer frameNum denial of service

netpanzer-framenum-dos (26607) The risk level is classified as MediumMedium Risk

Description:

netPanzer is vulnerable to a denial of service attack. A remote attacker could exploit this vulnerability to cause the game server to crash by connecting to the server with a frameNum value greater than 41.


Consequences:

Denial of Service

Remedy:

No remedy available as of July 1, 2014.

References:

  • Luigi Auriemma Security Advisory 23 May 2006:: Server termination in netPanzer 0.8 (rev 952).
  • netPanzer Web site: netPanzer - An Online Multiplayer Tactical Warfare Game.
  • BID-18104: NetPanzer SETFRAME Remote Denial of Service Vulnerability
  • CVE-2006-2575: The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.
  • OSVDB ID: 25737: NetPanzer Surface.hpp setFrame() Remote DoS
  • SA20250: NetPanzer "setFrame()" Denial of Service Vulnerability
  • SECTRACK ID: 1016149: NetPanzer `frameNum` Error Lets Remote Users Deny Service
  • VUPEN/ADV-2006-1939: netPanzer setFrame() frameNum Handling Remote Denial of Service Vulnerability

Platforms Affected:

  • PyroSoft netPanzer 0.8 and prior

Reported:

May 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page