[email protected]CVE-2006-1010

HistoryMar 06, 2006 - 9:02 p.m.

CVE-2006-1010

2006-03-0621:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1010

buffer overflow

crossfire

denial of service

code execution

nvd

security vulnerability

7.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.238 Low

EPSS

Percentile

96.6%

JSON

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.

CPENameOperatorVersion
crossfire:crossfirecrossfireeq1.8.0
crossfire:crossfirecrossfireeq1.7.0

CPE	Name	Operator	Version
crossfire:crossfire	crossfire	eq	1.8.0
crossfire:crossfire	crossfire	eq	1.7.0

References

aluigi.altervista.org/poc/crossfirebof.zip

cvs.sourceforge.net/viewcvs.py/crossfire/crossfire/socket/request.c?r1=1.80&r2=1.81

secunia.com/advisories/19044

secunia.com/advisories/19194

secunia.com/advisories/19785

www.debian.org/security/2006/dsa-1001

www.gentoo.org/security/en/glsa/glsa-200604-11.xml

www.osvdb.org/23549

www.securityfocus.com/bid/16883

www.vupen.com/english/advisories/2006/0760

exchange.xforce.ibmcloud.com/vulnerabilities/24932

7.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.238 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2006-1010

openvas6 cvelist2 freebsd1 nessus3 debian2 gentoo1 prion2 debiancve2 ubuntucve2 cve1