DB Hub clear_user_list() denial of service
| dbhub-clearuserlist-dos (31172) |  Low Risk |
Description:
DB Hub is vulnerable to a denial of service, caused by a NULL pointer dereference in the clear_user_list() function in main.c. By sending a specially-crafted packet to a vulnerable system, a remote attacker could cause the service to crash.
Platforms Affected:
- Centurion, DB Hub 0.3
Remedy:
Upgrade to the latest version of DB Hub (0.352 or later), available from the DB Hub Web site. See References.
Consequences:
Denial of Service
References:
- Critical Security - 2006-12-27 22:13:29, DB Hub 0.3 clear_user_list() DoS ataka at http://www.critical.lt/?vuln/548.
- DB Hub Web site, DB Hub at http://dbhub.ir.pl/.
- BID-21791: DB Hub Remote Denial of Service Vulnerability
- CVE-2006-6810: Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
- SA23489: DB Hub "clear_user_list()" Denial of Service
- VUPEN/ADV-2006-5198: DB Hub clear_user_list() Requests Handling Remote Denial of Service Vulnerability
Reported:
Dec 27, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net