|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:135: freeciv Vulnerability Scan
Vulnerability Scan Summary Check for the version of the freeciv package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:135 (freeciv).
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
2006 and earlier, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a (1) negative
chunk_length or a (2) large chunk->offset value in a
PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c, and
(3) a large packet->length value in the handle_unit_orders function in
server/unithand.c.
The updated packages have been patched to fix this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:135
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|