ID CVE-2004-1395
Summary The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not "Operation would block."
References
Vulnerable Configurations
  • cpe:2.3:a:monolith_productions:contract_jack:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:monolith_productions:contract_jack:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:monolith_productions:no_one_lives_forever_2:1.0.004:*:*:*:*:*:*:*
    cpe:2.3:a:monolith_productions:no_one_lives_forever_2:1.0.004:*:*:*:*:*:*:*
  • cpe:2.3:a:monolith_productions:no_one_lives_forever_2:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:monolith_productions:no_one_lives_forever_2:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:monolith_productions:tron:2.0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:monolith_productions:tron:2.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:monolith_productions:tron:2.0.1.42:*:*:*:*:*:*:*
    cpe:2.3:a:monolith_productions:tron:2.0.1.42:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 11902
bugtraq 20041213 Socket unreacheable in the Lithtech engine (new protocol)
fulldisc
  • 20041213 Socket unreacheable in the Lithtech engine (new protocol)
  • 20051021 F.E.A.R. 1.01 likes lithsock
misc http://aluigi.altervista.org/adv/lithsock-adv.txt
secunia
  • 13446
  • 17317
xf lithtech-engine-communication-dos(18456)
Last major update 11-07-2017 - 01:30
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top