Ca3DE Multiple Remote Vulnerabilities
BID:12727
Info
| Bugtraq ID: | 12727 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2005 12:00AM |
| Updated: | Mar 03 2005 12:00AM |
| Credit: | Discovery is credited to Luigi Auriemma. |
| Vulnerable: | Ca3DE Ca3DE |
| Not Vulnerable: | |
Discussion
Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format string and denial of service attacks.
The following specific issues were identified:
It is reported that all commands accepted by the server are affected by format string vulnerabilities.
A successful attack may result in crashing the application or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the application.
The application is also affected by a remote denial of service vulnerability.
Ca3DE versions released before March 2004 are affected by these issues.
Exploit / POC
Proof of concept is available:
Solution / Fix
Solution:
Ca3DE versions released in March 2004 and later are not affected by these issues. Please contact the vendor to obtain the fixed packages.
References
References:
- Ca3DE Home Page (Carsten's 3D Engine)
- Carsten's 3D Engine (Luigi Auriemma)