CVE-2008-6702 – S.T.A.L.K.E.R. 1.0.06 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-6702
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. S.T.A.L.K.E.R.: Shadow of Chernobyl v1.0006 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una nickname largo, lo que provoca una excepción. • https://www.exploit-db.com/exploits/31919 http://aluigi.altervista.org/adv/stalkerboom-adv.txt http://osvdb.org/46432 http://secunia.com/advisories/30707 http://www.securityfocus.com/archive/1/493366/100/0/threaded http://www.securityfocus.com/bid/29723 http://www.securityfocus.com/bid/29997 https://exchange.xforce.ibmcloud.com/vulnerabilities/43132 • CWE-20: Improper Input Validation •
CVE-2008-6703 – S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6703
Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function. Desbordamiento de búfer basado en pila en la función IPureServer::_Recieve en S.T.A.L.K.E.R.: Shadow of Chernobyl v1.0006 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un paquete 0x39 comprimido, que es descomprimido por la función NET_Compressor::Decompress. • https://www.exploit-db.com/exploits/31998 http://aluigi.altervista.org/adv/stalker39x-adv.txt http://osvdb.org/46626 http://secunia.com/advisories/30891 http://www.securityfocus.com/archive/1/493765 http://www.securityfocus.com/bid/29997 https://exchange.xforce.ibmcloud.com/vulnerabilities/43454 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-6705
https://notcve.org/view.php?id=CVE-2008-6705
The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server termination) via a crafted packet without an expected 0xe0 or 0xe1 value, which triggers the INT3 instruction. La función MultipacketReciever::RecievePacket en S.T.A.L.K.E.R.: Shadow of Chernobyl v1.0006 y aanteriores, permiten a atacantes remotos provocar una denegación de servicio (finalización de servicio) a través de paquetes manipulados sin los valores 0xe0 o 0xe1 esperados, lo que provoca la instrucción INT13. • http://aluigi.altervista.org/adv/stalker39x-adv.txt http://osvdb.org/46628 http://secunia.com/advisories/30891 http://www.securityfocus.com/archive/1/493765 http://www.securityfocus.com/bid/29997 https://exchange.xforce.ibmcloud.com/vulnerabilities/43458 •
CVE-2008-6704
https://notcve.org/view.php?id=CVE-2008-6704
Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a copy of a large amount of memory. Desbordamiento de entero en la función NET_Compressor::Decompress en S.T.A.L.K.E.R.: Shadow of Chernobyl v1.0006 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del sistema) a través de un paquete manipulado con un valor 0xc1 que contiene datos no comprimidos, lo que provoca una copia de una gran cantidad de memoria. • http://aluigi.altervista.org/adv/stalker39x-adv.txt http://osvdb.org/46627 http://secunia.com/advisories/30891 http://www.securityfocus.com/archive/1/493765 http://www.securityfocus.com/bid/29997 https://exchange.xforce.ibmcloud.com/vulnerabilities/43456 • CWE-189: Numeric Errors •