|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3193 CVE : CVE-2007-5249 CVE : CVE-2007-5250 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Luigi Auriemma Published : 06.10.2007
Advisory Content : ####################################################################### Luigi Auriemma Application: America's Army and America's Army Special Forces http://www.americasarmy.com Versions: <= 2.8.2 Platforms: Windows, Linux and Mac Bugs: unexploitable buffer-overflow in the logging function Exploitation: remote, versus servers with Punkbuster enabled Date: 01 Oct 2007 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== America's Army is a realistic FPS game based and developed just by the the U.S. Army (http://www.goarmy.com). ####################################################################### ====== 2) Bug ====== This bug is the same reported here: http://aluigi.org/adv/unrwebdos-adv.txt What changes now is the possibility of exploiting it also in this specific game (since it doesn't support or doesn't seem to support the web service used as way for exploiting the bug in that advisory) and anonymously from outside the server with a single UDP packet. The only requirement is the running of Punkbuster on the server while for exploiting the vulnerability will be used the PB_Y (YPG server) or the PB_U (UCON) packets with a content of about 1024 bytes. Exists also another minor problem which can be exploited only versus the Windows dedicated server (ever with Punkbuster enabled) since the chars printed on the console are not filtered so using invalid chars or 0x07 (the bell) can cause the freezing of the entire server. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/aaboompb.zip ####################################################################### ====== 4) Fix ====== No fix. The bug is public from the 18 Aug 2007 and the developers of the engine are aware of it from some weeks before that date. ####################################################################### --- Luigi Auriemma http://aluigi.org http://forum.aluigi.org http://mirror.aluigi.org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |