Zandronum Chat on our Discord Server Get the latest version: 3.2.1
Source Code
My View | View Issues | Change Log | Roadmap | All Projects Issue Support Ranking | Rules | My Account
  

View Revisions: Issue #3665 All Revisions ] Back to Issue ]
Summary 0003665: Missing CVE Identifier for issue 0003660 (remote denial of service in SRB2 engine plugin)
Revision 2019-06-22 11:29 by WubTheCaptain
Additional Information A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin (EP_Version 12).

References:
  • https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
  • https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
  • https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff
  • https://zandronum.com/tracker/view.php?id=3660
Revision 2019-06-21 22:24 by WubTheCaptain
Additional Information A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin.

References:
  • https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
  • https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
  • https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff
  • https://zandronum.com/tracker/view.php?id=3660
Revision 2019-06-21 21:55 by WubTheCaptain
Additional Information A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin.

References:
  • https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
  • https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
  • https://zandronum.com/tracker/view.php?id=3660
Revision 2019-06-21 21:54 by WubTheCaptain
Additional Information See relationships of this issue.

A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin.

References:
  • https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
  • https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
  • https://zandronum.com/tracker/view.php?id=3660
Revision 2019-06-21 21:52 by WubTheCaptain
Additional Information See relationships of this issue.

A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin.
Revision 2019-06-21 21:51 by WubTheCaptain
Additional Information See relationships of this issue.

A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not validate or discard IP packet response lengths from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker.

The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin.
Revision 2019-06-21 21:11 by WubTheCaptain
Additional Information See relationships of this issue.




Questions or other issues? Contact Us.

Links

Copyright © 2000 - 2025 MantisBT Team
Powered by Mantis Bugtracker