Vulnerabilities > CVE-2006-3788 - Unspecified vulnerability in Ufo2000
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200702-10.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200702-10 (UFO2000: Multiple vulnerabilities) Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; a SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data(). Impact : An attacker could send crafted network traffic as part of a multi-player game that could result in remote code execution on the remote opponent or the server. A remote attacker could also run arbitrary SQL queries against the server account database, and perform a Denial of Service on a remote opponent by causing the game to crash. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24722 |
published | 2007-02-27 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/24722 |
title | GLSA-200702-10 : UFO2000: Multiple vulnerabilities |
code |
|
References
- http://aluigi.altervista.org/adv/ufo2ko-adv.txt
- http://secunia.com/advisories/21091
- http://secunia.com/advisories/24297
- http://securityreason.com/securityalert/1259
- http://securitytracker.com/id?1016503
- http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/multiplay.cpp?view=log
- http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log
- http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml
- http://www.securityfocus.com/archive/1/440293/100/0/threaded
- http://www.vupen.com/english/advisories/2006/2837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27798