FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1010

This CVE name corresponds to:

Entered: 2006-04-23
Topic: crossfire-server -- denial of service and remote code execution vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-1010
Phase: Assigned (20060306)

Description

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.

References

Source Reference
MISC http://aluigi.altervista.org/poc/crossfirebof.zip
CONFIRM http://cvs.sourceforge.net/viewcvs.py/crossfire/crossfire/socket/request.c?r1=1.80&r2=1.81
DEBIAN DSA-1001
GENTOO GLSA-200604-11
BID 16883
VUPEN ADV-2006-0760
OSVDB 23549
SECUNIA 19044
SECUNIA 19194
SECUNIA 19785
XF crossfire-oldsocketmode-bo(24932)