Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a newpos value that is less than or equal to a size value, or (4) partial packets.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Scrapland | Enlight_software | 1.0 (including) | 1.0 (including) |
References
- http://aluigi.altervista.org/adv/scrapboom-adv.txt
- http://marc.info/?l=full-disclosure\u0026m=110961578504928\u0026w=2
- http://secunia.com/advisories/14435
- http://aluigi.altervista.org/adv/scrapboom-adv.txt
- http://marc.info/?l=full-disclosure\u0026m=110961578504928\u0026w=2
- http://secunia.com/advisories/14435