CVE-2006-0460 - Buffer Overflow vulnerability in BomberClone Error Messages
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.
Vulnerable Configurations
Exploit-Db
description | BomberClone < 0.11.6.2 (Error Messages) Remote Buffer Overflow Exploit. CVE-2006-0460. Remote exploits for multiple platform |
id | EDB-ID:1602 |
last seen | 2016-01-31 |
modified | 2006-03-22 |
published | 2006-03-22 |
reporter | esca zoo |
source | https://www.exploit-db.com/download/1602/ |
title | BomberClone < 0.11.6.2 - Error Messages Remote Buffer Overflow Exploit |

description | Bomberclone 0.11.6 Buffer Overflow. CVE-2006-0460. Remote exploit for windows platform |
id | EDB-ID:16433 |
last seen | 2016-02-01 |
modified | 2010-04-30 |
published | 2010-04-30 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16433/ |
title | Bomberclone 0.11.6 - Buffer Overflow |
Metasploit
description | This module exploits a stack buffer overflow in Bomberclone 0.11.6 for Windows. The return address is overwritten with the lstrcpyA memory address; the second and third values are the destination buffer, and the fourth value is the source address of our buffer on the stack. This exploit is like a return-to-libc. ATTENTION: the shellcode is executed ONLY when someone tries to close Bomberclone. |
id | MSF:EXPLOIT/WINDOWS/MISC/BOMBERCLONE_OVERFLOW |
last seen | 2020-06-13 |
modified | 1976-01-01 |
published | 1976-01-01 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0460 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/bomberclone_overflow.rb |
title | Bomberclone 0.11.6 Buffer Overflow |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200602-09.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200602-09 (BomberClone: Remote execution of arbitrary code) Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20935 |
published | 2006-02-17 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20935 |
title | GLSA-200602-09 : BomberClone: Remote execution of arbitrary code |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200602-09.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(20935);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");

      script_cve_id("CVE-2006-0460");
      script_xref(name:"GLSA", value:"200602-09");

      script_name(english:"GLSA-200602-09 : BomberClone: Remote execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-200602-09
    (BomberClone: Remote execution of arbitrary code)

        Stefan Cornelius of the Gentoo Security team discovered multiple
        missing buffer checks in BomberClone's code.

    Impact :

        By sending overly long error messages to the game via network, a
        remote attacker may exploit buffer overflows to execute arbitrary
        code with the rights of the user running BomberClone.

    Workaround :

        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200602-09"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "All BomberClone users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=games-action/bomberclone-0.11.6.2-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Bomberclone 0.11.6 Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bomberclone");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/17");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"games-action/bomberclone", unaffected:make_list("ge 0.11.6.2-r1"), vulnerable:make_list("lt 0.11.6.2-r1"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BomberClone");
    }

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-997.NASL |
description | Stefan Cornelius of Gentoo Security discovered that bomberclone, a free Bomberman-like game, crashes when receiving overly long error packets, which may also allow remote attackers to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22863 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22863 |
title | Debian DSA-997-1 : bomberclone - buffer overflows |
Packetstorm
data source | https://packetstormsecurity.com/files/download/83072/bomberclone_overflow.rb.txt |
id | PACKETSTORM:83072 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | acaro |
source | https://packetstormsecurity.com/files/83072/Bomberclone-0.11.6-Buffer-Overflow.html |
title | Bomberclone 0.11.6 Buffer Overflow |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:15937 |
last seen | 2017-11-19 |
modified | 2006-03-22 |
published | 2006-03-22 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-15937 |
title | BomberClone < 0.11.6.2 (Error Messages) Remote Buffer Overflow Exploit |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:63429 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-63429 |
title | BomberClone < 0.11.6.2 - (Error Messages) Remote Buffer Overflow Exploit |
References
- http://secunia.com/advisories/18914
- http://secunia.com/advisories/18915
- http://secunia.com/advisories/19210
- http://www.debian.org/security/2006/dsa-997
- http://www.gentoo.org/security/en/glsa/glsa-200602-09.xml
- http://www.osvdb.org/23263
- http://www.securityfocus.com/bid/16697
- http://www.vupen.com/english/advisories/2006/0643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24764