CVE-2007-4448

Properties

Published:
19.08.2007
Updated:
23.08.2007
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Product:
Toribash: Toribash

Vulnerability description

The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/477025/100/0/threaded
http://aluigi.org/poc/toribashish.zip: http://aluigi.org/poc/toribashish.zip
BID: http://www.securityfocus.com/bid/25359
SECUNIA: http://secunia.com/advisories/26507