Info

Disclosure

Jul 30, 2006

Discovery

Unknown

Dates

Exploit

Jul 30, 2006

Solution

Unknown

Description

BomberClone contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specialy crafted packet (containing a huge word value related to the length of the packet), which will disclose part of the memory in the answering packet payload resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

BomberClone

0.11.6

References

Bugtraq ID: 19255
Related OSVDB ID: 27647 27649
Generic Exploit URL: http://aluigi.org/poc/bcloneboom.zip
Other Advisory URL: http://aluigi.altervista.org/adv/bcloneboom-adv.txt
Vendor Specific Advisory URL: http://www.us.debian.org/security/2006/dsa-1180
Secunia Advisory ID: 21303 21985
CVE ID: 2006-4006 (see also: NVD)
Vendor URL: http://bomberclone.de/

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218