Description
BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character.
Affected products
- bzflag / bzflag_server 2.0.4
- bzflag / bzflag_server 1.7c_release_1 – 1.7c_release_1
- bzflag / bzflag_server 1.7c_release_2 – 1.7c_release_2
- bzflag / bzflag_server 1.7c_release_2_patch_1 – 1.7c_release_2_patch_1
- bzflag / bzflag_server 1.7c_release_2_patch_2 – 1.7c_release_2_patch_2
- bzflag / bzflag_server 1.7c_release_2_patch_3 – 1.7c_release_2_patch_3
- bzflag / bzflag_server 1.7d1 – 1.7d1
- bzflag / bzflag_server 1.7d2 – 1.7d2
- bzflag / bzflag_server 1.7d3 – 1.7d3
- bzflag / bzflag_server 1.7d4 – 1.7d4
- bzflag / bzflag_server 1.7d5 – 1.7d5
- bzflag / bzflag_server 1.7d6 – 1.7d6
- bzflag / bzflag_server 1.7d7 – 1.7d7
- bzflag / bzflag_server 1.7d8 – 1.7d8
- bzflag / bzflag_server 1.7d9 – 1.7d9
- bzflag / bzflag_server 1.7e – 1.7e
- bzflag / bzflag_server 1.7e1 – 1.7e1
- bzflag / bzflag_server 1.7e2 – 1.7e2
- bzflag / bzflag_server 1.7e4 – 1.7e4
- bzflag / bzflag_server 1.7e6 – 1.7e6
- bzflag / bzflag_server 1.7g0 – 1.7g0
- bzflag / bzflag_server 1.7g2 – 1.7g2
- bzflag / bzflag_server 1.10.0 – 1.10.0
- bzflag / bzflag_server 1.10.2 – 1.10.2
- bzflag / bzflag_server 1.10.4 – 1.10.4
- bzflag / bzflag_server 1.10.6 – 1.10.6
- bzflag / bzflag_server 1.10.8 – 1.10.8
- bzflag / bzflag_server 2.0.0 – 2.0.0
- bzflag / bzflag_server 2.0.2 – 2.0.2
References
- MISC: http://www.osvdb.org/22036
- MISC: http://aluigi.altervista.org/adv/bzflagboom-adv.txt
- MISC: http://www.securityfocus.com/bid/16066
- MISC: http://securitytracker.com/id?1015418
- MISC: http://cvs.sourceforge.net/viewcvs.py/%2Acheckout%2A/bzflag/bzflag/ChangeLog?rev=2.103
- VENDOR_ADVISORY: http://secunia.com/advisories/18238
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/23872