FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

crossfire-server -- denial of service and remote code execution vulnerability

Affected packages
crossfire-server < 1.9.0

Details

VuXML ID 86cc5c6f-d2b4-11da-a672-000e0c2e438a
Discovery 2006-02-28
Entry 2006-04-23

FRSIRT reports:

A vulnerability has been identified in CrossFire, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error in the "oldsocketmode" module that fails to properly handle overly large requests, which could be exploited by a malicious client to crash or compromise a vulnerable system.

References

Bugtraq ID 16883
CVE Name CVE-2006-1010
URL http://www.frsirt.com/english/advisories/2006/0760