|
Sauerbraten Engine Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA19111
|
|
|
Release Date:
|
2006-03-07
|
|
Last Update:
|
2006-03-13
|
|
Popularity:
|
5,351 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Sauerbraten Game Engine
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-1100
CVE-2006-1101
CVE-2006-1102
|
|
Description:
Luigi Auriemma has reported some vulnerabilities in Sauerbraten Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
1) Some errors in the "sgetstr()", "sgetstr()" and "getint()" functions may be exploited to cause a DoS and may allow arbitrary code execution.
For more information:
SA19110
2) It is possible to cause the server to access unallocated memory and crash, when a client did not properly terminate its connection from the server.
The vulnerabilities have been reported in version 2006_02_28 and prior.
Solution:
Host network games only within trusted networks and do not connect to non-trusted game servers.
Provided and/or discovered by:
Luigi Auriemma
Changelog:
2006-03-13: Added CVE references.
Original Advisory:
http://aluigi.altervista.org/adv/sauerburn-adv.txt
Other References:
SA19110:
http://secunia.com/advisories/19110/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
