RakNet Empty UDP Datagram Remote DoS

2005-06-05T08:17:59
ID OSVDB:17125
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2005-06-05T08:17:59

Description

Vulnerability Description

Raknet contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is received by the server, and will result in loss of availability for the service.

Solution Description

Upgrade to version 2.33 (05/30/2005) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 5/30/2005 release without a change in version number. An upgrade is required as there are no known workarounds.

Short Description

Raknet contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is received by the server, and will result in loss of availability for the service.

References:

Vendor URL: http://www.rakkarsoft.com/ Security Tracker: 1014111 Secunia Advisory ID:15597 Other Advisory URL: http://aluigi.altervista.org/adv/rakzero-adv.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0026.html ISS X-Force ID: 20905 CVE-2005-1899 Bugtraq ID: 13862