GGZ Gaming Zone Multiple Denial Of Service Vulnerabilities
BID:17094
Info
| Bugtraq ID: | 17094 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2006 12:00AM |
| Updated: | Mar 16 2006 07:05AM |
| Credit: | These issues were discovered by Luigi Auriemma. |
| Vulnerable: | GGZ Gaming Zone GGZ Gaming Zone 0.0.12 |
| Not Vulnerable: | |
Discussion
GGZ Gaming Zone is prone to multiple remote denial-of-service vulnerabilities. These issues are due to improper input sanitization.
An attacker may cause the victim's connection to the server to terminate, causing a denial of service to legitimate users.
Exploit / POC
An exploit is not required.
Examples have been provided:
<PLAYER ID='mynick'' TYPE='guest' TABLE='-1' LAG='1'/>
<CHAT TYPE='normal' FROM='mynick'><![CDATA[aaaaaaaaaaaaaaaaaaaaaaa...
...aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa_end_here
<UPDATE TYPE='player' ACTION='lag' ROOM='0'>
Sample exploit code written in C has been provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
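Added example, not part of the original advisory or of GGZ's own code: a pre-processing check that rejects input like the three examples listed under Exploit / POC by requiring each message to be one complete, well-formed XML element within a size limit. It assumes each client message is available as a standalone byte buffer; the name screen_message, the 4096-byte limit and the sample inputs are constructed for illustration.

```python
import xml.parsers.expat

MAX_MESSAGE_BYTES = 4096  # assumed limit, not a value from the advisory or GGZ


def screen_message(raw, max_bytes=MAX_MESSAGE_BYTES):
    """Check one client message before it is processed or passed to other clients.

    Returns (accepted, reason). A message is accepted only if it fits the size
    limit and parses as one complete, well-formed XML element.
    """
    if len(raw) > max_bytes:
        return False, "oversized"
    parser = xml.parsers.expat.ParserCreate()
    try:
        # final=True makes expat report input that ends inside an open
        # element or CDATA section instead of waiting for more data.
        parser.Parse(raw, True)
    except xml.parsers.expat.ExpatError as exc:
        return False, "malformed: " + xml.parsers.expat.ErrorString(exc.code)
    return True, "ok"


# Constructed sample inputs modelled on the advisory's three examples,
# plus one well-formed chat message for comparison.
SAMPLES = {
    "stray_quote": b"<PLAYER ID='mynick'' TYPE='guest' TABLE='-1' LAG='1'/>",
    "long_cdata": b"<CHAT TYPE='normal' FROM='mynick'><![CDATA[" + b"a" * 8192,
    "unclosed_update": b"<UPDATE TYPE='player' ACTION='lag' ROOM='0'>",
    "normal_chat": b"<CHAT TYPE='normal' FROM='mynick'><![CDATA[hello]]></CHAT>",
}


def screen_all(samples=SAMPLES):
    """Run the check over every sample and return {name: (accepted, reason)}."""
    return {name: screen_message(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in screen_all().items():
        print(f"{name:16} accepted={accepted} reason={reason}")
```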
References
References:
- GGZ Gaming Zone (Luigi Auriemma)
- GGZ Gaming Zone Web Site (GGZ Gaming Zone)