Executive Summary
| Summary | |
|---|---|
| Title | New bomberclone packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-997 | First vendor Publication | 2006-03-13 |
| Vendor | Debian | Last vendor Modification | 2006-03-13 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Stefan Cornelius of Gentoo Security discovered that bomberclone, a free Bomberman-like game, crashes when receiving overly long error packets, which may also allow remote attackers to execute arbitrary code. The old stable distribution (woody) does not contain bomberclone packages. For the stable distribution (sarge) these problems have been fixed in version 0.11.5-1sarge1. For the unstable distribution (sid) these problems have been fixed in version 0.11.6.2-1. We recommend that you upgrade your bomberclone package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-997 |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2006-03-22 | BomberClone < 0.11.6.2 - (Error Messages) Remote Buffer Overflow Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200602-09 (games-action/bomberclone) File : nvt/glsa_200602_09.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 997-1 (bomberclone) File : nvt/deb_997_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 23263 | BomberClone Error Message Remote Overflow A remote overflow exists in BomberClone. BomberClone fails to perform a proper boundary check within the processing of error messages, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | bomberclone buffer overflow attempt RuleID : 10125 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-997.nasl - Type : ACT_GATHER_INFO |
| 2006-02-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200602-09.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:35:00 |
|
