FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeciv -- Denial of Service Vulnerabilities

Affected packages
freeciv < 2.0.8_2
freeciv-gtk < 2.0.8_2
freeciv-gtk2 < 2.0.8_2
freeciv-nox11 < 2.0.8_2

Details

VuXML ID 2d9ad236-4d26-11db-b48d-00508d6a62df
Discovery 2006-07-23
Entry 2006-09-26

Secunia reports:

Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS (Denial of Service).

An error in the "generic_handle_player_attribute_chunk()" function in common/packets.c can be exploited to crash the service via a specially crafted PACKET_PLAYER_ATTRIBUTE_CHUNK packet sent to the server.

An error in the "handle_unit_orders()" function in server/unithand.c can be exploited to crash the service via a specially crafted packet.

References

Bugtraq ID 19117
CVE Name CVE-2006-3913
URL http://aluigi.altervista.org/adv/freecivx-adv.txt
URL http://secunia.com/advisories/21171/