OpenTTD Denial-of-Service Vulnerability

Vulnerability ID: 1110126 Vulnerability type: Other
Published: 2006-04-23 Updated: 2006-04-26
CVE ID: CVE-2006-1998 CNNVD-ID: CNNVD-200604-495
Platform: Multiple CVSS score: 2.1
|Vulnerability Source
https://www.exploit-db.com/exploits/1709
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-495
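|Vulnerability Details
OpenTTD 0.4.7 and earlier versions allow local users to cause a denial of service (application crash) via a large invalid error number, which triggers an error.
|Exploit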
#######################################################################

                             Luigi Auriemma

Application:  OpenTTD
              http://www.openttd.org
Versions:     <= 0.4.7
Platforms:    Windows, *nix, *BSD, Mac and others
Bugs:         A] program termination through big error number
              B] broadcast clients disconnection in multiplayer menu
Exploitation: A] remote, versus server and client (in-game)
              B] remote, versus clients (broadcast)
Date:         23 Apr 2006
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org


#######################################################################

Backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/1709.zip (04232006-openttdx.zip)
|References

Source: VUPEN
Name: ADV-2006-1480
Link: http://www.frsirt.com/english/advisories/2006/1480
Source: MISC
Link: http://aluigi.altervista.org/adv/openttdx-adv.txt
Source: SECUNIA
Name: 19768
Link: http://secunia.com/advisories/19768
Source: XF
Name: openttd-command-packet-dos(26000)
Link: http://xforce.iss.net/xforce/xfdb/26000
Source: BID
Name: 17661
Link: http://www.securityfocus.com/bid/17661
Source: BUGTRAQ
Name: 20060423 Denial of service bugs in OpenTTD 0.4.7
Link: http://www.securityfocus.com/archive/1/archive/1/431871/100/0/threaded
Source: GENTOO
Name: GLSA-200609-03
Link: http://security.gentoo.org/glsa/glsa-200609-03.xml
Source: SECUNIA
Name: 21799
Link: http://secunia.com/advisories/21799