7 November 2007

NuFW 2.2.7 fixes a potential DOS

NuFW 2.2.7 fixes a potenial Denial Of Service against NuFW due to a buffer overflow. A buffer used in the samp_send function was 3 bytes too small.

More details:
 Type: erronous computation of the size of an allocated buffer
 Type: out of buffer write
 Exploitation: no exploit known at the time of the writing
 Consequence: segmentation fault (SIGSEGV)
 Consequence: server crash (nuauth part)
 Consequence: firewall will block every access
 Exploitable from network: yes
 Could open remote access to server: no
 Filtering policy bypass: no