TITLE: Outgun Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20098 VERIFY ADVISORY: http://secunia.com/advisories/20098/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Outgun 1.x http://secunia.com/product/9932/ DESCRIPTION: Luigi Auriemma has reported some vulnerabilities in Outgun, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) A boundary error within the handling of the "data_file_request" command can be exploited to cause a stack-based buffer overflow via a specially crafted "data_file_request" command with overly long "type" and "name" strings. 2) An error within the "leetnet" functions can be exploited to cause immediate termination of the game via overly large packets with more than 512 bytes of data. 3) An error in the "leetnet" functions within the handling of the message size field in a received packet can be exploited to cause out-of-bounds memory access, potentially causing a crash. 4) A boundary error within the "changeRegistration()" functions can be exploited to cause a buffer overflow and may allow modification of the information of other players in the server. The vulnerabilities have been reported in version 1.0.3 bot 2. Other versions may also be affected. SOLUTION: The vulnerabilities will reportedly be fixed in the next "bot" release. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/outgunx-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------