Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-16] Warzone 2100 Resurrection: Multiple buffer overflows Vulnerability Scan
Vulnerability Scan Summary: Warzone 2100 Resurrection: Multiple buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-16
(Warzone 2100 Resurrection: Multiple buffer overflows)
Luigi Auriemma discovered two buffer overflow vulnerabilities in
Warzone 2100 Resurrection. The recvTextMessage function of the Warzone
2100 Resurrection server and the NETrecvFile function of the client use
insufficiently sized buffers.
Impact
A remote attacker could exploit these vulnerabilities by sending
specially crafted input to the server, or enticing a user to load a
specially crafted file from a malicious server. This may result in the
execution of arbitrary code with the permissions of the user running
Warzone 2100 Resurrection.
Workaround
There is no known workaround for this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3849
Solution:
Warzone 2100 Resurrection has been masked in Portage pending the
resolution of these issues. Warzone 2100 Resurrection players are
advised to uninstall the package until further notice:
# emerge --ask --unmerge "games-strategy/warzone2100"
Threat Level: High