DropTeam客户敏感信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113735 漏洞类型 信息泄露
发布时间 2007-10-05 更新时间 2007-10-25
CVE编号 CVE-2007-5264 CNNVD-ID CNNVD-200710-122
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/30643
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-122
|漏洞详情
Dropteam是由Battlefront开发的战略战争游戏。Dropteam中存在敏感信息泄露漏洞,如果要在线玩Dropteam游戏,首先需要使用有效的产品密钥注册帐号。客户端加入服务器所使用的报文包括以下字段:帐号用户名、口令、游戏版本和昵称。客户端向所要加入的服务器所传输的帐号凭据允许任意服务器管理员收集并使用这些帐号。
|漏洞EXP
source: http://www.securityfocus.com/bid/25943/info

DropTeam is prone to multiple remote vulnerabilities including multiple format-string issues, a stack-based buffer-overflow issue, multiple heap-based buffer-overflow issues, and an information-disclosure vulnerability.

An attacker could exploit these issues to execute arbitrary code within the context of the affected application, crash the application, and obtain sensitive information.

These issues affect DropTeam 1.3.3; other versions may also be affected.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30643.zip
|参考资料

来源:BID
名称:25943
链接:http://www.securityfocus.com/bid/25943
来源:BUGTRAQ
名称:20071005MultiplevulnerabilitiesinDropteam1.3.3
链接:http://www.securityfocus.com/archive/1/archive/1/481616/100/0/threaded
来源:SECUNIA
名称:27107
链接:http://secunia.com/advisories/27107
来源:MISC
链接:http://aluigi.altervista.org/adv/dropteamz-adv.txt
来源:XF
名称:dropteam-account-information-disclosure(36978)
链接:http://xforce.iss.net/xforce/xfdb/36978
来源:SREASON
名称:3202
链接:http://securityreason.com/securityalert/3202