PunkBuster CVAR Command Remote Format String

2006-02-16T06:48:12
ID OSVDB:23268
Type osvdb
Reporter Luigi Auriemma(aluigi@altervista.org)
Modified 2006-02-16T06:48:12

Description

Vulnerability Description

Simple command line modification of a CVAR variable in the PunkBuster enabled server allows the user to DoS and possibly remote execution.

Solution Description

A fix has released a fix for this issue

Short Description

Simple command line modification of a CVAR variable in the PunkBuster enabled server allows the user to DoS and possibly remote execution.

References:

Vendor URL: http://www.punkbuster.com/ Secunia Advisory ID:18917 Other Advisory URL: http://aluigi.altervista.org/adv/sof2pbfs-adv.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.html CVE-2006-0771 Bugtraq ID: 16703