CVE-2006-0771

Sažetak

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

Reference

http://aluigi.altervista.org/adv/sof2pbfs-adv.txt
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.html
http://secunia.com/advisories/18917
http://securityreason.com/securityalert/448
http://www.securityfocus.com/archive/1/425286/100/0/threaded
http://www.securityfocus.com/bid/16703
https://exchange.xforce.ibmcloud.com/vulnerabilities/24792

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:46

Objavljeno

18-02-2006 - 21:02