11 matches found
[SECURITY] Fedora 17 Update: redeclipse-1.2-12.fc17
A single-player and multi-player first-person ego-shooter, built on Cube Engine 2, which lends itself toward a balanced gameplay, completely at the control of map makers, while maintaining a general theme of agility in a variety of environments. Features: Balanced gameplay, with a general theme o...
Design/Logic Flaw
Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service client exit by forcing the server to change to a map ogz file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension...
CVE-2006-1101
The 1 sgetstr and 2 getint functions in Sauerbraten 20060228, as derived from the Cube engine, allow remote attackers to cause a denial of service segmentation fault via long streams of input data that trigger an out-of-bounds read, as demonstrated using SVEXT tag data in the Cube engine, which i...
Null pointer dereference
engine/server.cpp in Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service segmentation fault via a client that does not completely join the game and times out, which results in a null pointer dereference...
Out-of-bounds
The 1 sgetstr and 2 getint functions in Sauerbraten 20060228, as derived from the Cube engine, allow remote attackers to cause a denial of service segmentation fault via long streams of input data that trigger an out-of-bounds read, as demonstrated using SVEXT tag data in the Cube engine, which i...
CVE-2006-1100
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...
CVE-2006-1102
Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service client exit by forcing the server to change to a map ogz file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension...
CVE-2006-1100
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...
CVE-2006-1100
CVE-2006-1100 concerns a buffer overflow in the sgetstr function in shared/cube.h of Sauerbraten (Cube engine) before and including 2006-02-28. The vulnerability can be triggered by long input streams, potentially allowing a remote attacker to execute arbitrary code with the privileges of the run...
CVE-2006-1101
The CVE-2006-1101 entry affects Cube (Sauerbraten 2006_02_28) via a failure to verify input length in sgetstr()/getint(), enabling remote attackers to trigger an out-of-bounds read and cause a denial of service. Connected advisories confirm the issue in Cube’s sgetstr and getint functions and not...
Multiple vulnerabilities in Cube engine 2005_08_29
Luigi Auriemma Application: Cube engine http://www.cubeengine.com Versions: = 20050829 Platforms: Windows, nix, BSD and MacOS Bugs: A sgetstr buffer-overflow B invalid memory access C clients crash through invalid map Exploitation: remote, versus both server and clients Date: 06 Mar 2006 Author:...