Описание
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| teeworlds | fixed | 0.7.0-1 | package | |
| teeworlds | end-of-life | jessie | package |
Примечания
https://www.teeworlds.com/forum/viewtopic.php?id=12544
https://github.com/teeworlds/teeworlds/issues/1536
https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f
https://github.com/teeworlds/teeworlds/commit/aababc63eeeee1bc41672502ca6c7a1dd9f61d94
https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e
Связанные уязвимости
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
