|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1171 CVE : CVE-2006-3325 CVE : CVE-2006-3324 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : No Credit : Luigi Auriemma (aluigi autistici org) Published : 03.07.2006
Advisory Content : A small correction: The cd-key stealing is not possible since the master server address is built-in in the client code. Sorry for this wrong info, I added it almost two weeks ago while taking note of the possible ways for exploitating these bugs and forgot to recheck this method. I have updated the proof-of-concept simply adding the cl_allowdownload cvar, so is no longer needed to enable "Automatic Downloading" on the client since any client with this option disabled or enabled will start to overwrite any file in the system decided by the server of the attacker which has full control over the client's cvars (those write protected too, just like fs_homepath). As already said the PoC is very very basic, relaunch the server or change map if you want to re-overwrite the same file on the same client (useless info, I tell you only in case you are not able to re-overwrite the same file during the same server session and don't know why). BYEZ --- Luigi Auriemma http://aluigi.org http://mirror.aluigi.org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |