PunkBuster Screenshot Database Login Form Multiple Field SQL Injection

2004-02-19T04:53:16
ID OSVDB:18981
Type osvdb
Reporter Just1n T1mberlake(hotpackets@hellokitty.com)
Modified 2004-02-19T04:53:16

Description

Vulnerability Description

PunkBuster has been repoted to contain a flaw allowing SQL injection attacks. The initial disclosure contains several discrepancies that suggest this is a fake advisory. Preliminary source code checks do not find mention of the variables mentioned, the vendor URL provided is for an add-on product and the e-mail address supposedly contacted is not referenced on the vendor page or distribution.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

PunkBuster has been repoted to contain a flaw allowing SQL injection attacks. The initial disclosure contains several discrepancies that suggest this is a fake advisory. Preliminary source code checks do not find mention of the variables mentioned, the vendor URL provided is for an add-on product and the e-mail address supposedly contacted is not referenced on the vendor page or distribution.

References:

Vendor URL: http://pbdb.sourceforge.net/ Security Tracker: 1009145 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0528.html Keyword: Timberlake Advisory 200402181e-03 ISS X-Force ID: 15267 CVE-2004-2340 Bugtraq ID: 9697