|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200604-11] Crossfire server: Denial of Service and potential arbitrary code execution Vulnerability Scan
Vulnerability Scan Summary Crossfire server: Denial of Service and potential arbitrary code execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200604-11
(Crossfire server: Denial of Service and potential arbitrary code execution)
Luigi Auriemma discovered a vulnerability in the Crossfire game
server, in the handling of the "oldsocketmode" option when processing
overly large requests.
Impact
A possible hacker can set up a malicious Crossfire client that would
send a large request in "oldsocketmode", resulting in a Denial of
Service on the Crossfire server and potentially in the execution of
arbitrary code on the server with the rights of the game server.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1010
Solution:
All Crossfire server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-server/crossfire-server-1.9.0"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|