CrossFire SetUp Remote Buffer Overflow Vulnerability
BID:17093
Info
CrossFire SetUp Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17093 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-1236 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2006 12:00AM |
| Updated: | Dec 13 2006 04:23PM |
| Credit: | Reported by landser <ihsahn at gmail com>. |
| Vulnerable: |
Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Crossfire Crossfire 1.9 Crossfire Crossfire 1.8 Crossfire Crossfire 1.6 Crossfire Crossfire 1.1 |
| Not Vulnerable: | |
Discussion
CrossFire SetUp Remote Buffer Overflow Vulnerability
CrossFire is prone to a remote buffer-overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution.
CrossFire 1.9.0 and prior versions are vulnerable.
CrossFire is prone to a remote buffer-overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution.
CrossFire 1.9.0 and prior versions are vulnerable.
Exploit / POC
CrossFire SetUp Remote Buffer Overflow Vulnerability
Sample exploit code has been provided:
Sample exploit code has been provided:
Solution / Fix
CrossFire SetUp Remote Buffer Overflow Vulnerability
Solution:
Please see referenced vendor advisories for more information and fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Crossfire Crossfire 1.1
Crossfire Crossfire 1.6
Solution:
Please see referenced vendor advisories for more information and fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Crossfire Crossfire 1.1
-
Debian crossfire-doc_1.1.0-1woody2_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc _1.1.0-1woody2_all.deb -
Debian crossfire-edit_1.1.0-1woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_alpha.deb -
Debian crossfire-edit_1.1.0-1woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_arm.deb -
Debian crossfire-edit_1.1.0-1woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_hppa.deb -
Debian crossfire-edit_1.1.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_i386.deb -
Debian crossfire-edit_1.1.0-1woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_ia64.deb -
Debian crossfire-edit_1.1.0-1woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_m68k.deb -
Debian crossfire-edit_1.1.0-1woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_mips.deb -
Debian crossfire-edit_1.1.0-1woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_mipsel.deb -
Debian crossfire-edit_1.1.0-1woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_powerpc.deb -
Debian crossfire-edit_1.1.0-1woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_s390.deb -
Debian crossfire-edit_1.1.0-1woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.1.0-1woody2_sparc.deb -
Debian crossfire-server_1.1.0-1woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_alpha.deb -
Debian crossfire-server_1.1.0-1woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_arm.deb -
Debian crossfire-server_1.1.0-1woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_hppa.deb -
Debian crossfire-server_1.1.0-1woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_i386.deb -
Debian crossfire-server_1.1.0-1woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_ia64.deb -
Debian crossfire-server_1.1.0-1woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_m68k.deb -
Debian crossfire-server_1.1.0-1woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_mips.deb -
Debian crossfire-server_1.1.0-1woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_mipsel.deb -
Debian crossfire-server_1.1.0-1woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_powerpc.deb -
Debian crossfire-server_1.1.0-1woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_s390.deb -
Debian crossfire-server_1.1.0-1woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.1.0-1woody2_sparc.deb
Crossfire Crossfire 1.6
-
Debian crossfire-doc_1.6.0.dfsg.1-4sarge2_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc _1.6.0.dfsg.1-4sarge2_all.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_alpha.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_amd64.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_arm.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_hppa.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_i386.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_ia64.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_m68k.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_mips.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_mipsel.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_powerpc.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_s390.deb -
Debian crossfire-edit_1.6.0.dfsg.1-4sarge2_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edi t_1.6.0.dfsg.1-4sarge2_sparc.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_alpha.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_amd64.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_arm.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_hppa.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_i386.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_ia64.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_m68k.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_mips.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_mipsel.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_powerpc.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_s390.deb -
Debian crossfire-server_1.6.0.dfsg.1-4sarge2_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-ser ver_1.6.0.dfsg.1-4sarge2_sparc.deb