CVE-2006-1145

Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://aluigi.altervista.org/adv/aa2k6x-adv.txt	Exploit Vendor Advisory
http://secunia.com/advisories/19144	Vendor Advisory
http://www.securityfocus.com/bid/17028
http://www.osvdb.org/23747
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0147.html
http://www.vupen.com/english/advisories/2006/0882
https://exchange.xforce.ibmcloud.com/vulnerabilities/25199
http://www.securityfocus.com/archive/1/426984/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:cor_entertainment:alien_arena_2006:gold_5.00:*:*:*:*:*:*:*

Information

Published : 2006-03-10 03:02

Updated : 2018-10-18 09:30

NVD link : CVE-2006-1145

Mitre link : CVE-2006-1145

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

cor_entertainment

alien_arena_2006

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aluigi.altervista.org/adv/aa2k6x-adv.txt", "name": "http://aluigi.altervista.org/adv/aa2k6x-adv.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/19144", "name": "19144", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17028", "name": "17028", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/23747", "name": "23747", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0147.html", "name": "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.vupen.com/english/advisories/2006/0882", "name": "ADV-2006-0882", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25199", "name": "alien-safe-cprintf-format-string(25199)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/426984/100/0/threaded", "name": "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1145", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-10T11:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cor_entertainment:alien_arena_2006:gold_5.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:30Z"}