Gearbox Software Halo Game Server无限循环拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108804 漏洞类型 其他
发布时间 2005-05-24 更新时间 2008-06-30
CVE编号 CVE-2005-1741 CNNVD-ID CNNVD-200505-1153
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25699
https://www.securityfocus.com/bid/13728
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1153
|漏洞详情
GearboxSoftwareHalo:CombatEvolved1.6允许远程攻击者通过有缺陷的数据来发起拒绝服务攻击(无限循环)。
|漏洞EXP
source: http://www.securityfocus.com/bid/13728/info

The Halo Game Server is prone to a denial-of-service condition. The issue arises when malformed data is sent to the game server, causing it to enter an infinite loop.

This issue was reported to affect Halo Game Server 1.06; earlier versions are likely vulnerable.

UPDATE: The vulnerability also affects Halo Game Server 1.07. 


https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25699-2.zip
|受影响的产品
Gearbox Software Halo Combat Evolved 1.07 Gearbox Software Halo Combat Evolved 1.06
|参考资料

来源:BID
名称:13728
链接:http://www.securityfocus.com/bid/13728
来源:VUPEN
名称:ADV-2005-0616
链接:http://www.frsirt.com/english/advisories/2005/0616
来源:SECTRACK
名称:1014067
链接:http://securitytracker.com/id?1014067
来源:SECUNIA
名称:15501
链接:http://secunia.com/advisories/15501
来源:MISC
链接:http://aluigi.altervista.org/adv/haloloop-adv.txt