Vulnerability CVE-2009-3924


Published: 2009-11-09   Modified: 2012-02-13

Description:
Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet.

See advisories in our WLB2 database:
Topic
Author
Date
High
Soldier of Fortune II with PunkBuster enabled
Luigi Auriemma
11.11.2009

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Punkbuster
Product: Punkbuster 
Version:
1.728
1.723
1.718
1.642
1.641
1.458
1.457
1.272
Vendor: Raven software
Product: Soldier of fortune 2 

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://aluigi.org/poc/sof2pbbof.zip
http://xforce.iss.net/xforce/xfdb/52400
http://secunia.com/advisories/36221
http://aluigi.altervista.org/adv/sof2pbbof-adv.txt

Related CVE
CVE-2006-3400
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server...
CVE-2005-2115
Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.
CVE-2005-0983
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
CVE-2005-0568
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
CVE-2004-1542
Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.

Copyright 2019, cxsecurity.com

 

Back to Top