CVE-2007-4426

Name of the Vulnerable Software and Affected Versions Live for Speed (LFS) versions S1 and S2

Description The issue allows remote attackers to cause a denial of service, resulting in a server crash. This can be achieved through two methods: (1) sending a pre-login ID 3 packet containing a certain 0x00 byte, which triggers a NULL dereference, or (2) sending a pre-login ID 5 packet that lacks certain strings, triggering an invalid pointer dereference.

Recommendations For Live for Speed (LFS) versions S1 and S2, as a temporary workaround, consider restricting access to pre-login ID 3 and ID 5 packets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.