CVE-2004-0724
CVSS5.0
发布时间 :2004-07-27 00:00:00
修订时间 :2016-10-17 22:48:12
NMCOS    

[原文]The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet.


[CNNVD]Valve软件Half-Life引擎远程服务拒绝漏洞(CNNVD-200407-078)

        2004年7月7日之前的Half-Life引擎版本存在漏洞。远程攻击者借助空的碎片包导致服务拒绝(服务器或客户端崩溃)。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:valve_software:half-life:1.1.1.0
cpe:/a:valve_software:half-life_dedicated_server:4.1.0.8::win32
cpe:/a:valve_software:half-life_dedicated_server:4.1.0.7::win32
cpe:/a:valve_software:half-life_dedicated_server:4.1.0.6::win32
cpe:/a:valve_software:half-life_dedicated_server:3.1.0.9::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.0.6::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.0.8::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.3
cpe:/a:valve_software:half-life_dedicated_server:4.1.1.1c1::win32
cpe:/a:valve_software:half-life_dedicated_server:4.1.1.1e::win32
cpe:/a:valve_software:half-life:1.1.0.8
cpe:/a:valve_software:half-life:1.1.0.9
cpe:/a:valve_software:half-life_dedicated_server:3.1.1.1e::win32
cpe:/a:valve_software:half-life_dedicated_server:3.1.0.7::linux
cpe:/a:valve_software:half-life_dedicated_server:4.1.0.9::win32
cpe:/a:valve_software:half-life_dedicated_server:4.1.1.1d_beta::win32
cpe:/a:valve_software:half-life_dedicated_server:3.1
cpe:/a:valve_software:half-life_dedicated_server:3.1.0.5::linux
cpe:/a:valve_software:half-life_dedicated_server:4.1.1.1e::linux
cpe:/a:valve_software:half-life:1.1.0.4::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.0.4::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.1.1e::linux
cpe:/a:valve_software:half-life_dedicated_server:4.1.0.4::win32
cpe:/a:valve_software:half-life_dedicated_server:4.1.1.0::win32
cpe:/a:valve_software:half-life_dedicated_server:3.1.1.1c1::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.1.1d::linux
cpe:/a:valve_software:half-life_dedicated_server:3.1.1.0::linux
cpe:/a:valve_software:half-life:1.1.0.4::windows

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0724
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0724
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-078
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108966465302107&w=2
(UNKNOWN)  BUGTRAQ  20040712 Remote crash of Half-Life servers and clients (versions before the 07 July 2004)
http://www.securityfocus.com/bid/10700
(UNKNOWN)  BID  10700
http://xforce.iss.net/xforce/xfdb/16674
(VENDOR_ADVISORY)  XF  halflife-packet-dos(16674)

- 漏洞信息

Valve软件Half-Life引擎远程服务拒绝漏洞
中危 其他
2004-07-27 00:00:00 2005-10-20 00:00:00
远程  
        2004年7月7日之前的Half-Life引擎版本存在漏洞。远程攻击者借助空的碎片包导致服务拒绝(服务器或客户端崩溃)。
        

- 公告与补丁

        It is conjectured that versions of Half-Life released after July 7, 2004 are not vulnerable to this issue. This is not confirmed at the moment.
        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

7868
Half-Life Client/Server swds.dll Malformed Packet DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-07-12 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Valve Software Half-Life Engine Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 10700
Yes No
2004-07-12 12:00:00 2009-07-12 06:16:00
Discovery is credited to Terry Henning.

- 受影响的程序版本

Valve Software Half-Life Dedicated Server 4.1.1 .1e Win32
Valve Software Half-Life Dedicated Server 4.1.1 .1e Linux
Valve Software Half-Life Dedicated Server 4.1.1 .1d Beta Win32
Valve Software Half-Life Dedicated Server 4.1.1 .1c1 Win32
Valve Software Half-Life Dedicated Server 4.1.1 .0 Win32
+ Valve Software Half-Life 1.1.1 .0
+ Valve Software Half-Life 1.1 .0.9
+ Valve Software Half-Life 1.1 .0.8
+ Valve Software Half-Life 1.1 .0.4 Windows
Valve Software Half-Life Dedicated Server 4.1 .0.9 Win32
+ Valve Software Half-Life 1.1.1 .0
+ Valve Software Half-Life 1.1 .0.9
+ Valve Software Half-Life 1.1 .0.8
+ Valve Software Half-Life 1.1 .0.4 Windows
Valve Software Half-Life Dedicated Server 4.1 .0.8 Win32
+ Valve Software Half-Life 1.1.1 .0
+ Valve Software Half-Life 1.1 .0.9
+ Valve Software Half-Life 1.1 .0.8
+ Valve Software Half-Life 1.1 .0.4 Windows
Valve Software Half-Life Dedicated Server 4.1 .0.7 Win32
+ Valve Software Half-Life 1.1.1 .0
+ Valve Software Half-Life 1.1 .0.9
+ Valve Software Half-Life 1.1 .0.8
+ Valve Software Half-Life 1.1 .0.4 Windows
Valve Software Half-Life Dedicated Server 4.1 .0.6 Win32
+ Valve Software Half-Life 1.1.1 .0
+ Valve Software Half-Life 1.1 .0.9
+ Valve Software Half-Life 1.1 .0.8
+ Valve Software Half-Life 1.1 .0.4 Windows
Valve Software Half-Life Dedicated Server 4.1 .0.4 Win32
+ Valve Software Half-Life 1.1.1 .0
+ Valve Software Half-Life 1.1 .0.9
+ Valve Software Half-Life 1.1 .0.8
+ Valve Software Half-Life 1.1 .0.4 Windows
Valve Software Half-Life Dedicated Server 3.1.3
Valve Software Half-Life Dedicated Server 3.1.1 .1e Win32
Valve Software Half-Life Dedicated Server 3.1.1 .1e Linux
Valve Software Half-Life Dedicated Server 3.1.1 .1d Linux
Valve Software Half-Life Dedicated Server 3.1.1 .1c1 Linux
Valve Software Half-Life Dedicated Server 3.1.1 .0 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1 .0.9 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1 .0.8 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1 .0.7 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1 .0.6 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1 .0.5 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1 .0.4 Linux
+ Valve Software Half-Life 1.1 .0.4 Linux
Valve Software Half-Life Dedicated Server 3.1
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.3
- S.u.S.E. Linux 7.0
- Slackware Linux 7.1
Valve Software Half-Life 1.1.1 .0
Valve Software Half-Life 1.1 .0.9
Valve Software Half-Life 1.1 .0.8
- Microsoft Windows 98 SP1
- Microsoft Windows 98 b
- Microsoft Windows 98 a
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Valve Software Half-Life 1.1 .0.4 Windows
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0
Valve Software Half-Life 1.1 .0.4 Linux
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- RedHat Linux 7.0 i386
- RedHat Linux 6.2 i386
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1

- 漏洞讨论

Half-Life is reported prone to a remote denial of service vulnerability. This issue presents itself when the application receives a malformed TCP packet.

All versions of Half-Life released before July 7, 2004 are reported to be vulnerable to this issue.

- 漏洞利用

A proof of concept exploit is available from the following location:

http://aluigi.altervista.org/poc/hlboom.zip

- 解决方案

It is conjectured that versions of Half-Life released after July 7, 2004 are not vulnerable to this issue. This is not confirmed at the moment.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站