Vulnerabilities > CVE-2006-4126 - Denial of Service vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. This vulnerability is addressed in the following product release: DConnect, DConnect Daemon, 0.7.1
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | DConnect Daemon DC Chat Denial of Service Vulnerability. CVE-2006-4126. Dos exploits for multiple platform |
| id | EDB-ID:28345 |
| last seen | 2016-02-03 |
| modified | 2006-08-06 |
| published | 2006-08-06 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/28345/ |
| title | DConnect Daemon DC Chat Denial of Service Vulnerability |
References
- http://secunia.com/advisories/21384
- http://securityreason.com/securityalert/1377
- http://securitytracker.com/id?1016641
- http://www.dc.ds.pg.gda.pl/
- http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog
- http://www.securityfocus.com/archive/1/442440/100/0/threaded
- http://www.securityfocus.com/bid/19370
- http://www.vupen.com/english/advisories/2006/3181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28279