Sauerbraten Multiple Remote Vulnerabilities
BID:16986
Info
Sauerbraten Multiple Remote Vulnerabilities
| Bugtraq ID: | 16986 |
| Class: | Unknown |
| CVE: |
CVE-2006-1103 CVE-2006-1100 CVE-2006-1101 CVE-2006-1102 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 06 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | Luigi Auriemma <[email protected]> discovered these issues. |
| Vulnerable: |
Sauerbraten Sauerbraten 2006_02_28 Sauerbraten Cube 2005_08_09 Gentoo Linux |
| Not Vulnerable: | |
Discussion
Sauerbraten Multiple Remote Vulnerabilities
Sauerbraten is susceptible to multiple remote vulnerabilities:
- A buffer-overflow issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects servers.
- An invalid map-file-processing, denial-of-service issue that affects clients.
These issues allow remote attackers to execute arbitrary machine code in the context of an affected application. Attackers may also crash both clients and servers, denying service to legitimate users.
Sauerbraten is susceptible to multiple remote vulnerabilities:
- A buffer-overflow issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects servers.
- An invalid map-file-processing, denial-of-service issue that affects clients.
These issues allow remote attackers to execute arbitrary machine code in the context of an affected application. Attackers may also crash both clients and servers, denying service to legitimate users.
Exploit / POC
Sauerbraten Multiple Remote Vulnerabilities
An exploit is available for these issues.
An exploit is available for these issues.
Solution / Fix
Sauerbraten Multiple Remote Vulnerabilities
Solution:
The vendor has released a CVS fix to address the issue affecting the 'sgetstr()' function (CVE-2006-1100). Please see references for more information, advisories, and fixes.
Solution:
The vendor has released a CVS fix to address the issue affecting the 'sgetstr()' function (CVE-2006-1100). Please see references for more information, advisories, and fixes.
References
Sauerbraten Multiple Remote Vulnerabilities
References:
References:
- Cube engine (Luigi Auriemma)
- Sauerbraten Home Page (Sauerbraten)
- Multiple vulnerabilities in Sauerbraten engine 2006_02_28 (Luigi Auriemma
)