CVE-2006-4006

BomberClone <= 0.11.6 - Exposure of Sensitive Information via Packet Data Size Mismanagement

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4006. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in BomberClone <= 0.11.6, including a memcpy crash (DoS) and information disclosure via malformed packets. It sends crafted UDP packets to trigger these issues.

Description

The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · cremotelinux

https://www.exploit-db.com/exploits/28314

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in BomberClone <= 0.11.6, including a memcpy crash (DoS) and information disclosure via malformed packets. It sends crafted UDP packets to trigger these issues.

Classification

Working Poc 95%

Attack Type

Dos | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: BomberClone <= 0.11.6

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK