PT-2006-4850 · Bomberclone · Bomberclone

Luigi Auriemma · Published 2006-08-07 · Updated 2017-07-20 · CVE-2006-4005

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

BomberClone versions 0.11.6 and earlier

Description

The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved through two methods: (1) sending a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) sending an error packet intended for clients, which instead also triggers server shutdown.

Recommendations

For BomberClone versions 0.11.6 and earlier, as a temporary workaround, consider disabling the rscache_add() function in pkgcache.c to prevent crashes from malformed PKGF_ackreq packets. Additionally, restrict the handling of error packets to prevent unintended server shutdowns. At the moment, there is no information about a newer version that contains a fix for this issue.

Related identifiers

CVE-2006-4005
DSA-1180-1

Affected products

Bomberclone