Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-4006

Published: 07/08/2006 Updated: 20/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Bomberclone

Vulnerability Summary

The do_gameinfo function in BomberClone 0.11.6 and previous versions, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote malicious users to read portions of server memory.

Vulnerable Product Search on Vulmon Subscribe to Product

bomberclone bomberclone

bomberclone bomberclone 0.11.3

bomberclone bomberclone 0.11.5

bomberclone bomberclone 0.11.4

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone
Debian Bug report logs - #382082 CVE-2006-400[56]: Multiple Remote Vulnerabilities in Bomberclone Package: bomberclone; Maintainer for bomberclone is Peter Spiess-Knafl <dev@spiessknaflat>; Source for bomberclone is src:bomberclone (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Tue, 8 Aug ...
Debian Security Advisories: DSA-1180-1 bomberclone -- programming error
Luigi Auriemma discovered two security related bugs in bomberclone, a free Bomberman clone The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4005 The program copies remotely provided data unchecked which could lead to a denial of service via an application crash CVE-2006-4006 Bomberclone use ...

Exploits

Exploit DB: BomberClone 0.11 - Multiple Vulnerabilities
source: wwwsecurityfocuscom/bid/19255/info Bomberclone is prone to remote information-disclosure and denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input These issues allow remote attackers to access sensitive information and to crash the application, denying further service to legitimate users V ...

References

CWE-200http://aluigi.altervista.org/adv/bcloneboom-adv.txthttp://aluigi.org/poc/bcloneboom.ziphttp://www.securityfocus.com/bid/19255http://secunia.com/advisories/21303http://www.osvdb.org/27648http://www.debian.org/security/2006/dsa-1180http://secunia.com/advisories/21985http://www.vupen.com/english/advisories/2006/3067https://exchange.xforce.ibmcloud.com/vulnerabilities/28092https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382082https://www.exploit-db.com/exploits/28314/https://www.debian.org/security/./dsa-1180
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook