Nexuiz Remote Command Execution and Denial of Service Vulnerabilities

Bugtraq ID:	21574
Class:	Unknown
CVE:	CVE-2006-6609 CVE-2006-6610
Remote:	Yes
Local:	No
Published:	Dec 13 2006 12:00AM
Updated:	Feb 26 2007 06:06PM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	Gentoo Linux Alientrap Nexuiz 1.2.1 Alientrap Nexuiz 2.1 Alientrap Nexuiz 2.0 Alientrap Nexuiz 1.5 Alientrap Nexuiz 1.2
Not Vulnerable:	Alientrap Nexuiz 2.2.1

Nexuiz Remote Command Execution and Denial of Service Vulnerabilities

Nexuiz is prone is prone to multiple remote vulnerabilities, including a remote command-execution issue and a denial-of-service issue.

A remote attacker can exploit these issues to execute arbitrary commands within the context of the affected application or to cause the affected application to crash, denying service to legitimate users.

Versions prior to 2.2.1 are vulnerable to these issues.

Nexuiz Remote Command Execution and Denial of Service Vulnerabilities

An attacker can exploit the denial-of-service vulnerabilty by using standard network utilities and can exploit the remote command-execution vulnerability by sending specially crafted data to the affected server.

Nexuiz Remote Command Execution and Denial of Service Vulnerabilities

Solution:
The vendor released an update to address these issues. Please see the references for more information.

Nexuiz Remote Command Execution and Denial of Service Vulnerabilities

References:

• Nexuiz Change Log Version 2.2.1 (Alientrap)
  
• Nexuiz Home Page (Alientrap )