America's Army Special Forces type 4 denial of service

americasarmy-type4-dos (44152) The risk level is classified as LowLow Risk

Description:

America's Army Special Forces is vulnerable to a denial of service, caused by an error when processing malformed packets. By sending specially-crafted UDP type 4 packets, a remote attacker could exploit this vulnerability to cause an assertion resulting in the termination of the server.

Platforms Affected:

  • America's Army 2008, America's Army 1.0.0
  • America's Army 2008, America's Army 1.0.1 B
  • America's Army 2008, America's Army 1.1.1
  • America's Army 2008, America's Army 1.2.0
  • America's Army 2008, America's Army 1.2.1
  • America's Army 2008, America's Army 1.3.0
  • America's Army 2008, America's Army 1.4.0
  • America's Army 2008, America's Army 1.5.0
  • America's Army 2008, America's Army 1.6.0
  • America's Army 2008, America's Army 1.7.0
  • America's Army 2008, America's Army 1.9.0
  • America's Army 2008, America's Army 2.0.0 A
  • America's Army 2008, America's Army 2.0.0
  • America's Army 2008, America's Army 2.1.0
  • America's Army 2008, America's Army 2.2.0
  • America's Army 2008, America's Army 2.2.1
  • America's Army 2008, America's Army 2.3.0
  • America's Army 2008, America's Army 2.4.0
  • America's Army 2008, America's Army 2.5.0
  • America's Army 2008, America's Army 2.6.0
  • America's Army 2008, America's Army 2.7.0
  • America's Army 2008, America's Army 2.8.0
  • America's Army 2008, America's Army 2.8.1
  • America's Army 2008, America's Army 2.8.2
  • America's Army 2008, America's Army 2.8.3
  • America's Army 2008, America's Army 2.8.3.1

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Denial of Service

References:

  • AMERICA'S ARMY: SPECIAL FORCES Web page, America's Army Special Forces at http://www.americasarmy.com/.
  • Luigi Auriemma Advisories, 02 Aug 2008, America's Army at http://aluigi.altervista.org/adv/armynchia-adv.txt.
  • BID-30519: America's Army Malformed UDP Packet Remote Denial of Service Vulnerability
  • CVE-2008-3492: America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS.
  • SA31353: America's Army Special Forces UDP Processing Denial of Service

Reported:

Aug 02, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page