Info

Disclosure

Feb 24, 2004

Discovery

Unknown

Dates

Exploit

Feb 24, 2004

Solution

Unknown

Description

A remote overflow exists in Desert Rats vs. Afrika Korps Chat Package. The package fails check to boundary resulting in a buffer overflow. By sending a packet containing a chat message with a large 32bit number identifying the length of the message, an attacker can cause a denial of service or execute arbitrary command on the system, resulting in a loss of integrity or availability.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Wanadoo

Haegemonia

1.07

References

Related OSVDB ID: 10631
ISS X-Force ID: 15307
CVE ID: 2004-2361 (see also: NVD)
Other Advisory URL: http://aluigi.altervista.org/adv/hgmcrash-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0619.html
Vendor URL: http://www.desertratsgame.com

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218