Info

Disclosure

Jun 05, 2005

Discovery

Unknown

Dates

Exploit

Jun 05, 2005

Solution

Unknown

Description

Raknet contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is received by the server, and will result in loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.33 (05/30/2005) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 5/30/2005 release without a change in version number. An upgrade is required as there are no known workarounds.

Products

Rakkarsoft, LLC	RakNet	2.0x
		2.1x
		2.2x
		2.301
		2.305
		2.31
		2.33

References

Security Tracker: 1014111
Bugtraq ID: 13862
Secunia Advisory ID: 15597
CVE ID: 2005-1899 (see also: NVD)
ISS X-Force ID: 20905
Other Advisory URL: http://aluigi.altervista.org/adv/rakzero-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0026.html
Vendor URL: http://www.rakkarsoft.com/

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Rakkarsoft, LLC

RakNet

References

Credit