PunkBuster WebTool component buffer overflow

punkbuster-webtool-bo (26608) The risk level is classified as High Risk

Description:

PunkBuster is vulnerable to a buffer overflow in the remote administration server (WebTool) component, which is disabled by default. By sending a specially-crafted HTTP POST request containing an overly long webkey value to an affected server, a remote attacker could overflow a buffer and cause the game server to crash or possibly execute arbitrary code on the affected system.
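As an added illustration that is not part of the X-Force entry, the following Python check shows how a defender could scan captured WebTool requests for oversized webkey values, decoding percent-encoding first so an encoded value is measured at its real length. The sample requests, the request path and the 64-character limit are constructed assumptions; the advisory gives neither the buffer size nor example traffic.

```python
from urllib.parse import parse_qs

# Assumed threshold: the advisory does not state the overflowed buffer's size,
# so this limit is a constructed heuristic, not a value taken from PunkBuster.
MAX_WEBKEY_LEN = 64


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def webkey_lengths(raw: bytes):
    """Return the decoded length of every webkey value carried by the request.

    parse_qs decodes %XX escapes and '+' before we measure, so encoding
    the value does not hide its true size from the check.
    """
    method, path, _, body = parse_http_request(raw)
    values = []
    if method.upper() == "POST":
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        values.extend(form.get("webkey", []))
    if "?" in path:  # also inspect a webkey passed in the query string
        query = parse_qs(path.split("?", 1)[1], keep_blank_values=True)
        values.extend(query.get("webkey", []))
    return [len(v) for v in values]


def is_suspicious(raw: bytes, limit: int = MAX_WEBKEY_LEN) -> bool:
    """True if any webkey value exceeds the assumed safe length."""
    return any(n > limit for n in webkey_lengths(raw))


# Constructed sample requests (not captures from a real server; path is assumed).
_HEAD = (b"POST / HTTP/1.1\r\nHost: gameserver.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = _HEAD + b"webkey=correct-horse-battery&cmd=status"
LONG = _HEAD + b"webkey=" + b"A" * 300 + b"&cmd=status"
ENCODED = _HEAD + b"webkey=" + b"%41" * 300

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("long", LONG), ("encoded", ENCODED)):
        print(name, webkey_lengths(req), "suspicious" if is_suspicious(req) else "ok")
```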


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of PunkBuster (1.229 or later), available from the PunkBuster Web site. See References.

References:

  • Luigi Auriemma Security Advisory 23 May 2006: Buffer-overflow in the WebTool service of Punkbuster for servers (minor than v1.229).
  • PunkBuster Web site: PunkBuster Online Countermeasures.
  • PunkBuster Web site: Support.
  • BID-18106: PunkBuster WebTool WebKey Parameter Remote Buffer Overflow Vulnerability
  • CVE-2006-2587: Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and ear
  • OSVDB ID: 25738: PunkBuster WebTool webkey Authentication Overflow
  • SA20257: PunkBuster WebTool Buffer Overflow Vulnerability
  • SECTRACK ID: 1016155: PunkBuster Buffer Overflow in WebTool Interface Lets Remote Users Deny Service
  • VUPEN/ADV-2006-1940: PunkBuster WebTool webkey Parameter Remote Buffer Overflow Vulnerability

Platforms Affected:

  • Even Balance PunkBuster prior to 1.229

Reported:

May 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
