Info

Disclosure

May 23, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Punkbuster for Servers WebTool. The software fails to properly validate user-supplied input via the 'webkey' parameter, resulting in a buffer overflow. With a specially crafted URL, an attacker can crash the server and potentially run arbitrary code, resulting in a loss of availability and/or integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public, Exploit Rumored
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 1.229 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Even Balance, Inc.	PunkBuster Server WebTool	1.228
		1.158
		1.184
		1.150
		1.173
		1.108
		1.159
		1.167
		1.093
		1.187
		1.181
		1.169
		1.175
		1.183

References

Security Tracker: 1016155
Bugtraq ID: 18106
Milw0rm: 1819
Exploit Database: 1819
CVE ID: 2006-2587 (see also: NVD)
Secunia Advisory ID: 20257
SCIP VulDB ID: 2262
ISS X-Force ID: 26608
VUPEN Advisory: ADV-2006-1940
Other Advisory URL: http://aluigi.altervista.org/adv/pbwebbof-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0607.html
Vendor URL: http://www.evenbalance.com/publications/admins/#webtool
http://www.punkbuster.com

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/25738

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Even Balance, Inc.

PunkBuster Server WebTool

References

Credit