Raydium Multiple Remote Buffer Overflow and Denial Of Service Vulnerabilities
BID:17986
CVE-2006-2408 | CVE-2006-2409 | CVE-2006-2410 | CVE-2006-2411 | CVE-2006-2412
| Bugtraq ID: | 17986 |
| Class: | Unknown |
| CVE: | CVE-2006-2408 CVE-2006-2409 CVE-2006-2410 CVE-2006-2411 CVE-2006-2412 |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | Luigi Auriemma is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Raydium Raydium Game Engine 0 |
| Not Vulnerable: | |
Discussion
Raydium is susceptible to multiple remote vulnerabilities:
- Multiple buffer-overflow vulnerabilities in both client and server instances.
- A format-string vulnerability in both client and server instances.
- A NULL-pointer dereference denial-of-service vulnerability in both client and server instances.
- A buffer-overflow vulnerability in client instances.
These vulnerabilities allow remote attackers to execute arbitrary machine code in the context of affected client and server instances of games that use the affected game engine software. Attackers may also crash vulnerable instances, denying service to legitimate users.
Exploit / POC
The following proof-of-concept exploit is available:
Solution / Fix
Solution:
Some of these issues have been addressed in the Subversion repository of the affected game engine. Users of affected packages should contact the vendor for further information on obtaining and applying fixes.
References
References:
- Raydium Home Page (Raydium)
- Raydium SVN Changelog (Raydium)
- Multiple vulnerabilities in Raydium rev 309 (Luigi Auriemma)