Yager Nickname Field Remote Overflow

2005-04-14T08:46:13
ID OSVDB:15507
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2005-04-14T08:46:13

Description

Vulnerability Description

A remote overflow exists in THQ's Yager. Yager fails to check the length of the nickname field (ID 0x1e) resulting in a buffer overflow. Using specially crafted input, an attacker can cause remote code execution resulting in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in THQ's Yager. Yager fails to check the length of the nickname field (ID 0x1e) resulting in a buffer overflow. Using specially crafted input, an attacker can cause remote code execution resulting in a loss of confidentiality and/or integrity.

References:

Vendor URL: http://yager.thq.de/ Secunia Advisory ID:14967 Related OSVDB ID: 15509 Related OSVDB ID: 15508 Other Advisory URL: http://aluigi.altervista.org/adv/yagerbof-adv.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0329.html ISS X-Force ID: 20100 CVE-2005-1163 Bugtraq ID: 13178