CVE-2005-0848
CVSS 5.0
Published: 2005-05-02 00:00:00
Last revised: 2008-09-05 16:47:29

[Original] Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl.


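[CNNVD] FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities (CNNVD-200505-499)

Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet sent to the server, so that the socket ioctl cannot detect whether a new packet has arrived.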

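- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]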

- CPE (Affected Platforms and Products)

cpe:/a:funlabs:cabelas_deer_hunt_2005_season
cpe:/a:funlabs:cabelas_big_game_hunter_2004_season
cpe:/a:funlabs:cabelas_dangerous_hunts
cpe:/a:funlabs:us_most_wanted_nowhere_to_hide
cpe:/a:funlabs:cabelas_big_game_hunter_2005
cpe:/a:funlabs:shadow_force_razor_unit
cpe:/a:funlabs:revolution
cpe:/a:funlabs:secret_service_in_harms_way
cpe:/a:funlabs:4x4_off-road_adventure_iii

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0848
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0848
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-499
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/19762
(UNKNOWN)  XF  funlabs-games-upd-dos(19762)
http://securitytracker.com/id?1013492
(VENDOR_ADVISORY)  SECTRACK  1013492
http://secunia.com/advisories/14638
(VENDOR_ADVISORY)  SECUNIA  14638
http://aluigi.altervista.org/adv/funlabsboom-adv.txt
(VENDOR_ADVISORY)  MISC  http://aluigi.altervista.org/adv/funlabsboom-adv.txt

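- Vulnerability Information

FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities
Medium severity  Other
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet sent to the server, so that the socket ioctl cannot detect whether a new packet has arrived.

- Advisories and Patches

No data available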

- Vulnerability Information

14904
FUN labs Game Engine Malformed UDP DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-03-20 Unknown
2005-03-20 Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities
Failure to Handle Exceptional Conditions 12862
Yes No
2005-03-20 12:00:00 2009-07-12 10:56:00
Discovery is credited to Luigi Auriemma.

- Affected Software Versions

FUN labs US Most Wanted: Nowhere To Hide
FUN labs Shadow Force: Razor Unit
FUN labs Secret Service - In harm's Way
FUN labs Revolution
FUN labs Cabela's Deer Hunt 2005
FUN labs Cabela's Dangerous Hunts
FUN labs Cabela's Big Game Hunter 2005
FUN labs Cabela's Big Game Hunter 2004

- Discussion

Multiple FUN labs games are affected by remote denial of service vulnerabilities.

A remote attacker can cause a game server to stop responding by sending an empty UDP packet.

Another vulnerability can allow a remote attacker to send a malformed join packet and crash the server.

These issues can be exploited to cause a denial of service condition in the server.

- Exploit

An exploit is not required.

A proof of concept is available:

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- References

 

 
