The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| armin_burgmeier | net6 | 1.3.5 |
| oracle | solaris | 11.2 |
| armin_burgmeier | net6 | 1.3.2 |
| armin_burgmeier | net6 | 1.3.6 |
| armin_burgmeier | net6 | * |
| armin_burgmeier | net6 | 1.3.11 |
| armin_burgmeier | net6 | 1.3.12 |
| armin_burgmeier | net6 | 1.3.8 |
| opensuse | opensuse | 11.3 |
| armin_burgmeier | net6 | 1.3.3 |
| armin_burgmeier | net6 | 1.3.7 |
| armin_burgmeier | net6 | 1.3.9 |
| armin_burgmeier | net6 | 1.3.1 |
| armin_burgmeier | net6 | 1.3.4 |
| armin_burgmeier | net6 | 1.3.10 |
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| armin_burgmeier | net6 | 1.3.5 |
| oracle | solaris | 11.2 |
| armin_burgmeier | net6 | 1.3.2 |
| opensuse_project | opensuse | 11.4 |
| armin_burgmeier | net6 | 1.3.6 |
| armin_burgmeier | net6 | * |
| armin_burgmeier | net6 | 1.3.11 |
| armin_burgmeier | net6 | 1.3.12 |
| armin_burgmeier | net6 | 1.3.8 |
| opensuse | opensuse | 11.3 |
| armin_burgmeier | net6 | 1.3.3 |
| armin_burgmeier | net6 | 1.3.7 |
| armin_burgmeier | net6 | 1.3.9 |
| armin_burgmeier | net6 | 1.3.1 |
| armin_burgmeier | net6 | 1.3.4 |
| armin_burgmeier | net6 | 1.3.10 |