Executive Summary
| Summary | |
|---|---|
| Title | New bomberclone packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-1180 | First vendor Publication | 2006-09-19 |
| Vendor | Debian | Last vendor Modification | 2006-09-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Luigi Auriemma discovered two security related bugs in bomberclone, a free Bomberman clone. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4005 The program copies remotely provided data uncheced which could lead to a denial of service via an application crash. CVE-2006-4006 Bomberclone uses remotely provided data as length argument which can lead to the disclosure of private information. For the stable distribution (sarge) these problems have been fixed in version 0.11.5-1sarge2. For the unstable distribution (sid) these problems have been fixed in version 0.11.7-0.1. We recommend that you upgrade your bomberclone package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1180 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 1180-1 (bomberclone) File : nvt/deb_1180_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 27649 | BomberClone Error Message Server Termination DoS BomberClone contains a flaw that may allow a malicious user to crash the server. The issue is triggered when sending an error message packet (normaly sent to clients) to the server. It is possible that the flaw may cause the server to crash resulting in a loss of availability. |
| 27648 | BomberClone send_pkg Function Remote Information Disclosure BomberClone contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specialy crafted packet (containing a huge word value related to the length of the packet), which will disclose part of the memory in the answering packet payload resulting in a loss of confidentiality. |
| 27647 | BomberClone rscache_add Crafted Packet Remote DoS BomberClone contains a flaw that may allow a malicious user to cause a denial of service. The issue is triggered when sending a specially crafted packet that is processed and used incorrectly in a memcpy function. Due to a big-endian check bypass it is possible that the flaw may cause a NULL dereference or overwrite of parts of the memory resulting in a loss availability. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1180.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2017-07-20 09:25:38 |
|
| 2016-04-26 17:32:52 |
|
| 2014-02-17 11:26:13 |
|
| 2013-05-11 12:17:07 |
|
