[sec-adv] Roger Wilco Nickname Buffer Overflow and Partial Packet DoS
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Jul 07 2003 - 08:47:59 CDT
TITLE:
Roger Wilco Nickname Buffer Overflow and Partial Packet DoS
READ ONLINE:
http://www.secunia.com/advisories/9177/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Roger Wilco 1.x
DESCRIPTION:
Two vulnerabilities have been reported in Roger Wilco, which can be
exploited by malicious people to cause a DoS (Denial of Service) on a
server or on other clients, which may potentially also be compromised.
The first vulnerability is caused by a boundary error in the
client when handling nicknames. This can be exploited by setting an
overly long (516 bytes or more) nickname, which may cause a buffer
overflow on other clients connected to the same server.
Successful exploitation could potentially allow execution of
arbitrary code on a system with a vulnerable client installed.
The second vulnerability can be exploited by a malicious client to
cause a DoS on a server by sending a partial "join-packet" instead of
a full one. This will cause the server to freeze until the client is
disconnected.
The vulnerabilities have been reported in version Mark 1d3. The
dedicated server version is not affected.
SOLUTION:
Update to version 1.4.1.2:
http://rogerwilco.gamespy.com/products/downloads/rw_win_dload.html
REPORTED BY / CREDITS:
Auriemma Luigi
ORIGINAL ADVISORY:
http://www.pivx.com/luigi/adv/wilco-adv.txt
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
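The two defect classes described above (an unchecked nickname length and
a server that waits on an incomplete join packet) can both be avoided on
the receiving side with an incremental, length-checked parser. The code
below is an added example, not Roger Wilco or Secunia code. The wire
format (2-byte big-endian length followed by the nickname), NICK_MAX,
JOIN_TIMEOUT_S and all function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NICK_MAX       32   /* assumed policy limit, not the product's */
#define JOIN_TIMEOUT_S 5    /* assumed deadline for a complete join    */

enum join_status { JOIN_NEED_MORE, JOIN_OK, JOIN_REJECT };

/* Hypothetical join packet: 2-byte big-endian nickname length, then nickname. */
struct join_parser {
    uint8_t hdr[2];
    size_t  hdr_got, nick_len, nick_got;
    long    started;              /* time the connection was accepted */
    char    nick[NICK_MAX + 1];
};

void join_init(struct join_parser *p, long now)
{
    memset(p, 0, sizeof *p);
    p->started = now;
}

/* Feed the bytes one non-blocking read returned; never waits for the rest. */
enum join_status join_feed(struct join_parser *p, const uint8_t *buf, size_t n)
{
    size_t i = 0;
    while (p->hdr_got < 2 && i < n)
        p->hdr[p->hdr_got++] = buf[i++];
    if (p->hdr_got < 2)
        return JOIN_NEED_MORE;            /* partial header: keep serving others */
    p->nick_len = ((size_t)p->hdr[0] << 8) | p->hdr[1];
    if (p->nick_len == 0 || p->nick_len > NICK_MAX)
        return JOIN_REJECT;               /* length checked before any copy */
    size_t want = p->nick_len - p->nick_got;
    size_t take = (n - i < want) ? n - i : want;
    memcpy(p->nick + p->nick_got, buf + i, take);
    p->nick_got += take;
    if (p->nick_got < p->nick_len)
        return JOIN_NEED_MORE;            /* partial body: caller polls again */
    p->nick[p->nick_len] = '\0';
    return JOIN_OK;
}

/* True when a join is still incomplete past the deadline: drop the peer. */
int join_stalled(const struct join_parser *p, long now)
{
    int incomplete = p->hdr_got < 2 || p->nick_got < p->nick_len;
    return incomplete && now - p->started > JOIN_TIMEOUT_S;
}
```

A server loop would call join_feed() only when its socket poll reports
readable data and disconnect any peer for which join_stalled() is true
or join_feed() returns JOIN_REJECT.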