DoS vulnerability in Teamspeak server
A vulnerability in the TeamspeakVoIP software package might be exploited by attackers to knock out the server. On the Milw0rm exploit portal, a demo has been released to demonstrate the hole. Specific HTTP requests containing excess length user names and passwords cause a very high CPU load on the inbuilt web server. As a consequence, the server is either slowed down considerably or ceases to respond. Authentication is not required to execute such attack.
The flaw has been detected in version 2.0.x for Windows, and it is probable that prior versions are also vulnerable. An updated server that is free of the bug is now available to download, but restricting access to TCP port 14534 over which the web admin interface communicates can also serve as an interim workaround.
- TeamSpeak 2.0 (Windows Release) Remote D0S , exploit by Yag Kohha
- Updated Teamspeak server ftp download
(mba)