CVE-2006-4005 - Remote vulnerability in Bomberclone
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1180.NASL |
description | Luigi Auriemma discovered two security-related bugs in bomberclone, a free Bomberman clone. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4005: The program copies remotely provided data unchecked, which could lead to a denial of service via an application crash. CVE-2006-4006: Bomberclone uses remotely provided data as length argument, which can lead to the disclosure of private information. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22722 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22722 |
title | Debian DSA-1180-1 : bomberclone - programming error |
References
- http://aluigi.altervista.org/adv/bcloneboom-adv.txt
- http://aluigi.org/poc/bcloneboom.zip
- http://secunia.com/advisories/21303
- http://secunia.com/advisories/21985
- http://www.debian.org/security/2006/dsa-1180
- http://www.osvdb.org/27647
- http://www.osvdb.org/27649
- http://www.securityfocus.com/bid/19255
- http://www.vupen.com/english/advisories/2006/3067
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28093