dopewars on Win32 Remote Format String

2005-12-30T05:29:39
ID OSVDB:22125
Type osvdb
Reporter OSVDB
Modified 2005-12-30T05:29:39

Description

Vulnerability Description

A remote overflow exists in dopewars. The dopewars server fails to handle user data safely resulting in a format string overflow. With a specially crafted request, an attacker can cause the server to treat user-supplied data as a format string resulting in a loss of integrity.

Solution Description

Upgrade to version 1.5.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in dopewars. The dopewars server fails to handle user data safely resulting in a format string overflow. With a specially crafted request, an attacker can cause the server to treat user-supplied data as a format string resulting in a loss of integrity.

References:

Vendor URL: http://dopewars.sourceforge.net/ Vendor Specific News/Changelog Entry: http://dopewars.sourceforge.net/ChangeLog Secunia Advisory ID:18246 CVE-2005-4610 Bugtraq ID: 16104