Info

Disclosure

Jan 17, 2005

Discovery

Unknown

Dates

Exploit

Jan 17, 2005

Solution

Unknown

Description

HaloCON versions 2.0.0.81 and earlier are vulnerable to a denial of service attack. By sending a specially-crafted UDP packet to port 2305, a remote attacker could terminate HaloCON server's socket.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

No patch is available yet as of writing this text. Possible solution at the moment is to host games on a trusted network only.

Products

Zaboo

HaloCON Dedicated Server

2.0.0.81

References

Secunia Advisory ID: 13868
Other Advisory URL: http://aluigi.altervista.org/adv/halocon-adv.txt
http://www.securiteam.com/windowsntfocus/5XP0D20EKO.html
Vendor URL: http://www.zaboo.net

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218