Vulnerabilities > CVE-2006-1194 - Unspecified vulnerability in Enet Library
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN enet
exploit available
Summary
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | ENet Multiple Denial of Service Vulnerabilities. CVE-2006-1194. Dos exploits for multiple platform |
| id | EDB-ID:27420 |
| last seen | 2016-02-03 |
| modified | 2006-03-13 |
| published | 2006-03-13 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/27420/ |
| title | ENet Multiple Denial of Service Vulnerabilities |
References
- http://aluigi.altervista.org/adv/enetx-adv.txt
- http://aluigi.altervista.org/adv/enetx-adv.txt
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html
- http://secunia.com/advisories/19208
- http://secunia.com/advisories/19208
- http://securitytracker.com/id?1015767
- http://securitytracker.com/id?1015767
- http://www.osvdb.org/23844
- http://www.osvdb.org/23844
- http://www.securityfocus.com/archive/1/427465/100/0/threaded
- http://www.securityfocus.com/archive/1/427465/100/0/threaded
- http://www.securityfocus.com/bid/17087
- http://www.securityfocus.com/bid/17087
- http://www.vupen.com/english/advisories/2006/0940
- http://www.vupen.com/english/advisories/2006/0940
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25157