FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeciv -- Packet Parsing Denial of Service Vulnerability

Affected packages
freeciv < 2.0.8
freeciv-gtk < 2.0.8
freeciv-gtk2 < 2.0.8
freeciv-nox11 < 2.0.8

Details

VuXML ID 339fbbc1-4d23-11db-b48d-00508d6a62df
Discovery 2006-03-06
Entry 2006-09-26

Secunia reports:

Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of the packet length in "common/packets.c". This can be exploited to crash the Freeciv server via a specially- crafted packet with the size set to "0xffff".

References

Bugtraq ID 16975
CVE Name CVE-2006-0047
URL http://aluigi.altervista.org/adv/freecivdos-adv.txt
URL http://secunia.com/advisories/19120/