Test ID:	1.3.6.1.4.1.25623.1.0.803172
Category:	Denial of Service
Title:	Freeciv Multiple Remote Denial Of Service Vulnerabilities
Summary:	Freeciv is prone to multiple denial of service vulnerabilities.
Description:	Summary: Freeciv is prone to multiple denial of service vulnerabilities. Vulnerability Insight: - Malloc exception in 'jumbo' packet within the common/packet.c. Endless loop in packets PACKET_PLAYER_INFO, PACKET_GAME_INFO, PACKET_EDIT_PLAYER_CREATE, PACKET_EDIT_PLAYER_REMOVE, PACKET_EDIT_CITY and PACKET_EDIT_PLAYER use some particular functions that can be tricked into an endless loop that freezes the server with CPU at 100%. Vulnerability Impact: Successful exploitation will allow attackers to cause denial of service condition. Affected Software/OS: Freeciv Version 2.2.1 and prior Solution: Update to version 2.2.2 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5645 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html http://www.openwall.com/lists/oss-security/2012/12/18/5 http://www.openwall.com/lists/oss-security/2012/12/22/4 http://www.openwall.com/lists/oss-security/2012/12/30/11 http://www.openwall.com/lists/oss-security/2012/12/30/8 http://www.openwall.com/lists/oss-security/2012/12/31/2 http://www.securityfocus.com/bid/41352 https://access.redhat.com/security/cve/cve-2012-5645 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645 https://security-tracker.debian.org/tracker/CVE-2012-5645
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.