Sparklet agl_text.cpp Multiple Function Format String

2006-07-06T04:34:03
ID OSVDB:27038
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2006-07-06T04:34:03

Description

Vulnerability Description

A vulnerability has been identified in Sparklet. This flaw is due to a format string error in the 'WriteText()' and 'allegro_gl_printf_ex()' functions when handling user-supplied input (e.g. nickname), which could be exploited by remote attackers to crash or compromise a vulnerable client via a malicious nickname.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A vulnerability has been identified in Sparklet. This flaw is due to a format string error in the 'WriteText()' and 'allegro_gl_printf_ex()' functions when handling user-supplied input (e.g. nickname), which could be exploited by remote attackers to crash or compromise a vulnerable client via a malicious nickname.

References:

Vendor URL: http://sparklet.sourceforge.net/ Security Tracker: 1016443 Secunia Advisory ID:20974 Other Advisory URL: http://www.frsirt.com/english/advisories/2006/2695 Other Advisory URL: http://aluigi.altervista.org/adv/sparkletfs-adv.txt Other Advisory URL: http://www.frsirt.com/english/reference/15277 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0106.html ISS X-Force ID: 27603 FrSIRT Advisory: ADV-2006-2695 FrSIRT Advisory: ADV-2006-2763 CVE-2006-3573 Bugtraq ID: 18949 Bugtraq ID: 18862