CVE-2006-4006 - OpenCVE

The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bomberclone	Bomberclone

Configuration 1 [-]

OR	cpe:2.3:a:bomberclone:bomberclone::::::::
	cpe:2.3:a:bomberclone:bomberclone:0.11.3:::::::*
	cpe:2.3:a:bomberclone:bomberclone:0.11.4:::::::*
	cpe:2.3:a:bomberclone:bomberclone:0.11.5:::::::*

References

Link	Resource
http://aluigi.altervista.org/adv/bcloneboom-adv.txt	Exploit Vendor Advisory
http://aluigi.org/poc/bcloneboom.zip	Exploit
http://secunia.com/advisories/21303	Vendor Advisory
http://secunia.com/advisories/21985	Vendor Advisory
http://www.debian.org/security/2006/dsa-1180
http://www.osvdb.org/27648
http://www.securityfocus.com/bid/19255	Exploit
http://www.vupen.com/english/advisories/2006/3067	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28092

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-07T19:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-08-07T00:00:00

Link: CVE-2006-4006

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-07T19:04:00.000

Modified: 2017-07-20T01:32:45.867

Link: CVE-2006-4006

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "bomberclone-sendpkg-information-disclosure(28092)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092"}, {"name": "21303", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21303"}, {"name": "19255", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19255"}, {"name": "DSA-1180", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1180"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/bcloneboom.zip"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt"}, {"name": "ADV-2006-3067", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3067"}, {"name": "27648", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27648"}, {"name": "21985", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21985"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4006", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "bomberclone-sendpkg-information-disclosure(28092)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092"}, {"name": "21303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21303"}, {"name": "19255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19255"}, {"name": "DSA-1180", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1180"}, {"name": "http://aluigi.org/poc/bcloneboom.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/bcloneboom.zip"}, {"name": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt"}, {"name": "ADV-2006-3067", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3067"}, {"name": "27648", "refsource": "OSVDB", "url": "http://www.osvdb.org/27648"}, {"name": "21985", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21985"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4006", "datePublished": "2006-08-07T19:00:00", "dateReserved": "2006-08-07T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bomberclone:bomberclone:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A2E984-618E-4A78-98D1-B56819F77DB7", "versionEndIncluding": "0.11.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bomberclone:bomberclone:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F3DA93D-AC12-4E63-9E34-7543D9BDEAE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bomberclone:bomberclone:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "327901F7-A47F-4D12-9FC3-83480751E353", "vulnerable": true}, {"criteria": "cpe:2.3:a:bomberclone:bomberclone:0.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "56AA0BE2-13EC-4186-8D7F-DFEF2697086E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory."}, {"lang": "es", "value": "La funci\u00f3n do_gameinfo en BomberClone 0.11.6 y anteriores, y posiblemente otras funciones, no restablece el tama\u00f1o de informaci\u00f3n de paquete, lo cual provoca que la funci\u00f3n send_pkg (packets.c) utilice este tama\u00f1o de informaci\u00f3n al enviar una respuesta, y permite a atacantes remotos leer porciones de la memoria del servidor."}], "id": "CVE-2006-4006", "lastModified": "2017-07-20T01:32:45.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-07T19:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.org/poc/bcloneboom.zip"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21303"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21985"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1180"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27648"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19255"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3067"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}