Techland XPand Rally Remote Denial Of Service Vulnerability

Bugtraq ID:	12409
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0325
Remote:	Yes
Local:	No
Published:	Jan 31 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	Discovery of this vulnerability is credited to Luigi Auriemma.
Vulnerable:	Techland XPand Rally 1.0
Not Vulnerable:

Techland XPand Rally Remote Denial Of Service Vulnerability

Techland XPand Rally client and server are reported prone to a remote denial of service vulnerability.

It is reported that this vulnerability may be exploited by a malicious game server to crash all running instances of the game client because of the broadcast methods used to track game servers online.

A remote attacker may exploit this vulnerability to deny service to legitimate users.

Techland XPand Rally Remote Denial Of Service Vulnerability

The following exploit is available.

• /data/vulnerabilities/exploits/xprallyboom.zip

Techland XPand Rally Remote Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Techland XPand Rally Remote Denial Of Service Vulnerability

References:

• Xpand Rally DOS (Luigi Auriemma)
  
• Xpand Rally Homepage (Techland)