| CNNVD-ID编号 | CNNVD-200603-110 |
| CVE编号 | CVE-2006-0047 |
| 发布时间 | 2006-03-07 |
| 更新时间 | 2006-03-14 |
| 漏洞类型 | 资源管理错误 |
| 漏洞来源 | Discovery of this vulnerability is credited to Luigi Auriemma. |
| 危险等级 | 中危 |
| 威胁类型 | 远程 |
| 厂 商 | freeciv |
在Freeciv 2.0.8之前版本2.0 中存在packets.c,远程攻击者可以通过带负压缩尺寸值的伪数据包,制造拒绝服务(服务器崩溃)。
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Freeciv Freeciv 2.0.4
Mandriva freeciv-client-2.0.4-2.1.20060mdk.i586.rpmMandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva freeciv-client-2.0.4-2.1.20060mdk.x86_64.rpmMandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads
Mandriva freeciv-data-2.0.4-2.1.20060mdk.i586.rpmMandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva freeciv-data-2.0.4-2.1.20060mdk.x86_64.rpmMandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads
Mandriva freeciv-server-2.0.4-2.1.20060mdk.i586.rpmMandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva freeciv-server-2.0.4-2.1.20060mdk.x86_64.rpmMandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads
Freeciv Freeciv 2.0.7
Freeciv freeciv-2.0.8.tar.gz
http://prdownloads.sourceforge.net/freeciv/freeciv-2.0.8.tar.gz
来源: BID
名称: 16975
来源: BUGTRAQ
名称: 20060306 Out of memory crash in Freeciv 2.0.7
链接:http://www.securityfocus.com/archive/1/archive/1/426866/100/0/threaded
来源: VUPEN
名称: ADV-2006-0838
来源: SECUNIA
名称: 19120
来源: MANDRIVA
名称: MDKSA-2006:053
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:053
来源: XF
名称: freeciv-packets-dos(25166)
来源: MANDRIVA
名称: MDKSA-2006:053
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:053
来源: GENTOO
名称: GLSA-200603-11
链接:http://www.gentoo.org/security/en/glsa/glsa-200603-11.xml
来源: DEBIAN
名称: DSA-994
来源: SECUNIA
名称: 19253
来源: SECUNIA
名称: 19227