Monopd Game Server Buffer Overflow May Let Remote Users Execute Arbitrary Code on the System
SecurityTracker Alert ID: 1005856
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 26 2002
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 0.6.2
Description: A buffer overflow was reported in the Monopd game server. A remote user can execute arbitrary code on the system.
The vendor reported that a buffer overflow exists in the messaging framework and can be triggered by a remote user to execute arbitrary code with the privileges of the game server.
Impact: A remote user can execute arbitrary code on the system.
Solution: The vendor has released a fixed version (0.6.2), available at:
http://unixcode.org/monopd/download.html
http://prdownloads.sourceforge.net/monopd/monopd-0.6.2.tar.gz
The vendor has also updated the "Monopigator meta server" to display only fixed servers.
Vendor URL: unixcode.org/monopd/
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Thu, 26 Dec 2002 16:44:20 -0500
Subject: monopd bug fix
- monopd 0.6.2 (Development)
by Rob Kaper (http://freshmeat.net/users/cap/)
Tuesday, December 24th 2002 08:26
Games/Entertainment
About: monopd is a dedicated game server daemon for Monopoly-like board
games. Clients such as Atlantik can connect and allow users to play
various games with other users of the network.
Changes: This release includes a security fix against a buffer overflow in
the messaging framework which could allow an attacker to run arbitrary
code, and small XML output fixes when deleting trade objects.
License: GNU General Public License (GPL)
URL: http://freshmeat.net/projects/monopd/