Freeciv Multiple Remote Denial Of Service Vulnerabilities Network Vulnerability

Summary

This host is running Freeciv and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow attackers to cause denial of service condition. Impact Level: Application

Solution

Update to version 2.2.2 or later, For updates refer to http://www.freeciv.org

Insight

- Malloc exception in 'jumbo' packet within the common/packet.c. Endless loop in packets PACKET_PLAYER_INFO, PACKET_GAME_INFO, PACKET_EDIT_PLAYER_CREATE, PACKET_EDIT_PLAYER_REMOVE, PACKET_EDIT_CITY and PACKET_EDIT_PLAYER use some particular functions that can be tricked into an endless loop that freezes the server with CPU at 100%.

Affected

Freeciv Version 2.2.1 and prior

References

http://aluigi.altervista.org/adv/freecivet-adv.txt
http://aluigi.org/poc/freecivet.zip

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5645

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
Adobe Reader Denial of Service Vulnerability (May09)
Apple QuickTime Multiple Vulnerabilities - Jun09
Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)
Apple Safari Multiple Vulnerabilities June-09 (Win) - II

Take action and discover your vulnerabilities