Vulnerabilities > CVE-2006-1101 - Remote vulnerability in Sauerbraten Cube and Sauerbraten
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description Cube <= 2005_08_29 Multiple BoF/Crash Vulnerabilities Exploit. CVE-2006-1101. Dos exploit for windows platform id EDB-ID:1560 last seen 2016-01-31 modified 2006-03-06 published 2006-03-06 reporter Luigi Auriemma source https://www.exploit-db.com/download/1560/ title Cube <= 2005_08_29 - Multiple BoF/Crash Vulnerabilities Exploit description Sauerbraten <= 2006_02_28 Multiple BoF/Crash Vulnerabilities Exploit. CVE-2006-1100,CVE-2006-1101,CVE-2006-1102,CVE-2006-1103. Dos exploit for windows pla... id EDB-ID:1559 last seen 2016-01-31 modified 2006-03-06 published 2006-03-06 reporter Luigi Auriemma source https://www.exploit-db.com/download/1559/ title Sauerbraten <= 2006_02_28 - Multiple BoF/Crash Vulnerabilities Exploit
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200603-10.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200603-10 (Cube: Multiple vulnerabilities) Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr() function (CVE-2006-1100) and that the sgetstr() and getint() functions fail to verify the length of the supplied argument, possibly leading to the access of invalid memory regions (CVE-2006-1101). Furthermore, he discovered that a client crashes when asked to load specially crafted mapnames (CVE-2006-1102). Impact : A remote attacker could exploit the buffer overflow to execute arbitrary code with the rights of the user running cube. An attacker could also exploit the other vulnerabilities to crash a Cube client or server, resulting in a Denial of Service. Workaround : Play solo games or restrict your multiplayer games to trusted parties. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21048 |
published | 2006-03-13 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21048 |
title | GLSA-200603-10 : Cube: Multiple vulnerabilities |
code |
|
References
- http://aluigi.altervista.org/adv/evilcube-adv.txt
- http://secunia.com/advisories/19110
- http://secunia.com/advisories/19111
- http://secunia.com/advisories/19199
- http://www.gentoo.org/security/en/glsa/glsa-200603-10.xml
- http://www.securityfocus.com/archive/1/426865/100/0/threaded
- http://www.securityfocus.com/archive/1/426867/100/0/threaded
- http://www.securityfocus.com/bid/16986
- http://www.vupen.com/english/advisories/2006/0847
- http://www.vupen.com/english/advisories/2006/0848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25085