Sacred versions below 1.0.6.2 suffer from a denial of service flaw.
8a2f2388c32b4c8625142cf85960a2a8f5a5e78cbc5fab19aa74d5add1da549b
Program: Sacred (pc game)
http://sacred-game.com
type: simple DoS, no client-auth
affected version: <1.0.6.2
note:
-fixed in later versions (>1.0.7.0) (dated:31.08.2004)
-this security-lag exits for nearly half a year. although ascaron was
informed at the date of release (02.03.2004), nothing happens long time.
"exploit"-scenario:
Use telnet client to connect to game-port, u will see that a valid(!)
user connects.
16 times, and server will not accept any more connections (from valid
users for example).
after "fake-clients" get a timeout, only one of them gets kicked.
example: http://forum.sacred-game.com/attachment.php?attachmentid=1209
(nothing special)
greetz soylent
---------------------------
stop that "Why is IRC still around?" -crap !!!