CVE-2007-4426

Properties

Published:
19.08.2007
Updated:
23.08.2007
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Product:
Live for Speed: Live for Speed
Live for Speed: Live for Speed

Vulnerability description

Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/476516/100/0/threaded
FULLDISC: http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065265.html
XF: http://xforce.iss.net/xforce/xfdb/36020
XF: http://xforce.iss.net/xforce/xfdb/36019