CVE-2006-1010
published 2006-03-06CVE-2006-1010: Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service…
PriorityP336medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EXPLOIT
EPSS
17.25%
96.7th percentile
Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crossfire | crossfire | — | — |
| crossfire | crossfire | — | — |
| crossfire | crossfire | — | — |
| crossfire | crossfire | >= 0 < 1.9.0-1 | 1.9.0-1 |
| crossfire | crossfire | >= 0 < 1.9.0-2 | 1.9.0-2 |
| crossfire | crossfire | >= 0 < 1.9.0-1 | 1.9.0-1 |
| crossfire | crossfire | >= 0 < 1.9.0-2 | 1.9.0-2 |
| crossfire | crossfire | >= 0 < 1.9.0-1 | 1.9.0-1 |
| crossfire | crossfire | >= 0 < 1.9.0-2 | 1.9.0-2 |
| crossfire | crossfire | >= 0 < 1.9.0-1 | 1.9.0-1 |
| crossfire | crossfire | >= 0 < 1.9.0-2 | 1.9.0-2 |
| debian | crossfire | < crossfire 1.9.0-1 (bookworm) | crossfire 1.9.0-1 (bookworm) |
| debian | crossfire | < crossfire 1.9.0-2 (bookworm) | crossfire 1.9.0-2 (bookworm) |
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv6.4MEDIUM
vendor_debian6.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2006-1010: crossfire - Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmod...
vendor_debian·2006·CVSS 6.4
CVE-2006-1010 [MEDIUM] CVE-2006-1010: crossfire - Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmod...
Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.
Scope: local
bookworm: resolved (fixed in 1.9.0-1)
bullseye: resolved (fixed in 1.9.0-1)
forky: resolved (fixed in 1.9.0-1)
sid: resolved (fixed in 1.9.0-1)
trixie: resolved (fixed in 1.9.0-1)
Debian
CVE-2006-1236: crossfire - Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 all...
vendor_debian·2006·CVSS 6.4
CVE-2006-1236 [MEDIUM] CVE-2006-1236: crossfire - Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 all...
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
Scope: local
bookworm: resolved (fixed in 1.9.0-2)
bullseye: resolved (fixed in 1.9.0-2)
forky: resolved (fixed in 1.9.0-2)
sid: resolved (fixed in 1.9.0-2)
trixie: resolved (fixed in 1.9.0-2)
GHSA
GHSA-9gcr-358p-mv64: Buffer overflow in socket/request
ghsa_unreviewed·2022-05-01
CVE-2006-1010 [MEDIUM] GHSA-9gcr-358p-mv64: Buffer overflow in socket/request
Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.
GHSA
GHSA-3hxr-9gc8-927w: Buffer overflow in the SetUp function in socket/request
ghsa_unreviewed·2022-05-01·CVSS 6.4
CVE-2006-1236 [MEDIUM] GHSA-3hxr-9gc8-927w: Buffer overflow in the SetUp function in socket/request
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
OSV
CVE-2006-1236: Buffer overflow in the SetUp function in socket/request
osv·2006-03-15·CVSS 6.4
CVE-2006-1236 [MEDIUM] CVE-2006-1236: Buffer overflow in the SetUp function in socket/request
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
OSV
CVE-2006-1010: Buffer overflow in socket/request
osv·2006-03-06·CVSS 6.4
CVE-2006-1010 [MEDIUM] CVE-2006-1010: Buffer overflow in socket/request
Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.
No detection rules found.
Exploit-DB
Joomla! Component MosReporter 0.9.3 - Remote File Inclusion
exploitdb·2006-11-17
CVE-2006-6051 Joomla! Component MosReporter 0.9.3 - Remote File Inclusion
Joomla! Component MosReporter 0.9.3 - Remote File Inclusion
---
#!/usr/bin/perl
########################################################################################################
# MosReporter Joomla Component Remote File Inclusion Exploit
########################################################################################################
# Download Script http://mamboxchange.com/tracker/download.php/196/805/1010/119/reporter_mambelfish.zip
########################################################################################################
# Bug Found & coded By Crackers_Child
#########################################################################################################
# [email protected]
#########################################################
Exploit-DB
CrossFire 1.8.0 - 'oldsocketmode' Remote Buffer Overflow (PoC)
exploitdb·2006-02-27
CVE-2006-1010 CrossFire 1.8.0 - 'oldsocketmode' Remote Buffer Overflow (PoC)
CrossFire 1.8.0 - 'oldsocketmode' Remote Buffer Overflow (PoC)
---
/*
by Luigi Auriemma
*/
#include
#include
#include
#include
#ifdef WIN32
#include
/*
Header file used for manage errors in Windows
It support socket and errno too
(this header replace the previous sock_errX.h)
*/
#include
#include
void std_err(void) {
char *error;
switch(WSAGetLastError()) {
case 10004: error = "Interrupted system call"; break;
case 10009: error = "Bad file number"; break;
case 10013: error = "Permission denied"; break;
case 10014: error = "Bad address"; break;
case 10022: error = "Invalid argument (not bind)"; break;
case 10024: error = "Too many open files"; break;
case 10035: error = "Operation would block"; break;
case 10036: error = "Operation now in progress"; break;
case 10037: error = "Ope
No writeups or analysis indexed.
http://aluigi.altervista.org/poc/crossfirebof.ziphttp://cvs.sourceforge.net/viewcvs.py/crossfire/crossfire/socket/request.c?r1=1.80&r2=1.81http://secunia.com/advisories/19044http://secunia.com/advisories/19194http://secunia.com/advisories/19785http://www.debian.org/security/2006/dsa-1001http://www.gentoo.org/security/en/glsa/glsa-200604-11.xmlhttp://www.osvdb.org/23549http://www.securityfocus.com/bid/16883http://www.vupen.com/english/advisories/2006/0760https://exchange.xforce.ibmcloud.com/vulnerabilities/24932http://aluigi.altervista.org/poc/crossfirebof.ziphttp://cvs.sourceforge.net/viewcvs.py/crossfire/crossfire/socket/request.c?r1=1.80&r2=1.81http://secunia.com/advisories/19044http://secunia.com/advisories/19194http://secunia.com/advisories/19785http://www.debian.org/security/2006/dsa-1001http://www.gentoo.org/security/en/glsa/glsa-200604-11.xmlhttp://www.osvdb.org/23549http://www.securityfocus.com/bid/16883http://www.vupen.com/english/advisories/2006/0760https://exchange.xforce.ibmcloud.com/vulnerabilities/24932
2006-03-06
Published