GGZ Gaming Zone Crafted XML DoS

2006-03-12T06:32:39
ID OSVDB:23848
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2006-03-12T06:32:39

Description

Vulnerability Description

GGZ Gaming Zone contains a flaw that may allow a remote denial of service. The issue is triggered when joining the server with a nickname that contains the single quote character at the end, with a nickname that is longer than 16 characters, or via an overly long text message, and will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

GGZ Gaming Zone contains a flaw that may allow a remote denial of service. The issue is triggered when joining the server with a nickname that contains the single quote character at the end, with a nickname that is longer than 16 characters, or via an overly long text message, and will result in loss of availability for the service.

References:

Vendor URL: http://www.ggzgamingzone.org/ Secunia Advisory ID:19212 Other Advisory URL: http://aluigi.altervista.org/adv/ggzcdos-adv.txt FrSIRT Advisory: ADV-2006-0935 CVE-2006-1275 Bugtraq ID: 17094