Cauldron Chaser Remote Denial Of Service Vulnerability
BID:9567
Info
Cauldron Chaser Remote Denial Of Service Vulnerability
| Bugtraq ID: | 9567 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0247 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue has been credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
Cauldron Chaser Server 1.5 Cauldron Chaser Server 1.4.9 Cauldron Chaser Client 1.5 |
| Not Vulnerable: | |
Discussion
Cauldron Chaser Remote Denial Of Service Vulnerability
Chaser has been reported to be prone to a denial of service vulnerability. This issue is caused by a lack of input validation of a size parameter specified in UDP network communication packets. The process will attempt to read the amount of data specified by the packet, without regard to the amount of memory allocated. This will cause an attempt by the application to dereference unallocated memory, producing an exception and causing the process to crash.
Chaser has been reported to be prone to a denial of service vulnerability. This issue is caused by a lack of input validation of a size parameter specified in UDP network communication packets. The process will attempt to read the amount of data specified by the packet, without regard to the amount of memory allocated. This will cause an attempt by the application to dereference unallocated memory, producing an exception and causing the process to crash.
Exploit / POC
Cauldron Chaser Remote Denial Of Service Vulnerability
The following proof of concept has been supplied:
The following proof of concept has been supplied:
Solution / Fix
Cauldron Chaser Remote Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Cauldron Chaser Remote Denial Of Service Vulnerability
References:
References:
- Chaser Home Page (Cauldron)
- Remote crash of Chaser game <= 1.50 (Luigi Auriemma
)