|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4043 CVE : CVE-2008-3314 CWE : CWE-20 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : Luigi Auriemma Published : 28.07.2008
Advisory Content : ####################################################################### Luigi Auriemma Application: ZDaemon http://www.zdaemon.org Versions: <= 1.08.07 Platforms: Windows and Linux Bug: NULL pointer Exploitation: remote, versus server (in-game) Date: 21 Jul 2008 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== ZDaemon is one of the most played multiplayer ports of the Doom engine and at the same time one of the most criticized too. ####################################################################### ====== 2) Bug ====== The ZDaemon server is affected by a NULL pointer vulnerability which allows an attacker to crash it when a specific type of command (type 6) is used. The attacker needs to join the server for exploiting this bug so his IP address must be not banned and he must know the right keyword if the server is protected with a password. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/zdaemonull.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org http://backup.aluigi.org http://mirror.aluigi.org References : http://xforce.iss.net/xforce/xfdb/43946
http://www.securityfocus.com/bid/30340
http://www.securityfocus.com/archive/1/archive/1/494634/100/0/threaded
http://secunia.com/advisories/31185
http://aluigi.org/poc/zdaemonull.zip
http://aluigi.altervista.org/adv/zdaemonull-adv.txt  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |