CVE-2011-10014
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gtasa | sa-mp | 0.3.1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2011-10014 is a critical stack-based buffer overflow vulnerability in the GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1. It occurs when the server processes a malformed server.cfg configuration file containing an excessively long echo directive. A local attacker who can replace the server.cfg file can use this overflow to execute arbitrary code by overwriting the instruction pointer while the server parses the file. The exploit involves crafting a payload that overwrites the buffer and redirects execution flow to attacker-controlled code, demonstrated by launching calc.exe on Windows systems running the vulnerable server. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can allow a local attacker with access to the server's file system to execute arbitrary code on the machine running the GTA SA-MP server. This can lead to full compromise of the system, including running malicious programs, gaining unauthorized access, or causing denial of service by crashing the server. Since the exploit requires replacing the server.cfg file and running the vulnerable server binary, the attacker must have some level of local access or trick the user into running the malicious configuration file. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is running and whether the server.cfg configuration file has been modified or replaced with a malformed file containing an excessively long echo directive. Since the exploit requires a crafted server.cfg file, you can detect it by inspecting server.cfg for unusually long or suspicious echo directives. There are no specific network commands mentioned, but on the system you can verify the integrity and contents of server.cfg with commands such as 'type server.cfg' or 'more server.cfg' on Windows, or use file integrity monitoring tools to detect changes. Additionally, monitoring for unexpected execution of samp-server.exe or unusual behavior may help detect exploitation attempts. [2, 3, 4]
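One way to automate the server.cfg inspection described above, as an added example that is not from the advisory or the SA-MP project: it flags over-long echo arguments, non-printable bytes, and a file hash that differs from a recorded baseline. The 256-byte threshold, the function name `audit_server_cfg` and the sample configs are assumptions made for this example; the page does not state the size of the vulnerable buffer.

```python
import hashlib
from typing import Optional

# Assumption: the advisory text gives no buffer size, so this limit is a
# triage threshold chosen for the example, not the actual overflow length.
MAX_ECHO_LEN = 256


def audit_server_cfg(data: bytes, baseline_sha256: Optional[str] = None,
                     max_echo_len: int = MAX_ECHO_LEN) -> dict:
    """Return the file's SHA-256 plus a list of (line_no, reason) findings."""
    digest = hashlib.sha256(data).hexdigest()
    findings = []
    # Line number 0 is used for findings about the file as a whole.
    if baseline_sha256 and digest != baseline_sha256.lower():
        findings.append((0, "sha256 differs from recorded baseline"))
    for line_no, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        directive = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else b""
        if directive == b"echo" and len(arg) > max_echo_len:
            findings.append((line_no, f"echo argument is {len(arg)} bytes"))
        # Heuristic: a plain-text config should not carry control or high
        # bytes. Non-ASCII hostnames will trip this and need manual review.
        if any((b < 0x20 and b != 0x09) or b > 0x7E for b in line):
            findings.append((line_no, "non-printable bytes in line"))
    return {"sha256": digest, "findings": findings}


# Constructed sample inputs for the example (filler text, not a payload).
CLEAN_CFG = b"echo Executing Server Config...\r\nmaxplayers 32\r\nport 7777\r\n"
SUSPECT_CFG = b"echo " + b"A" * 1024 + b"\r\nmaxplayers 32\r\n"

if __name__ == "__main__":
    baseline = hashlib.sha256(CLEAN_CFG).hexdigest()
    for name, blob in (("clean", CLEAN_CFG), ("suspect", SUSPECT_CFG)):
        report = audit_server_cfg(blob, baseline_sha256=baseline)
        print(name, report["sha256"][:16], report["findings"])
```

To check a real file, pass `open("server.cfg", "rb").read()` and a baseline hash recorded while the configuration was known to be good.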
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Prevent local attackers from modifying the server.cfg file by restricting file system permissions to trusted users only.
2. Avoid running the vulnerable version 0.3.1.1 of the SA-MP server; upgrade to a patched or newer version if available.
3. Monitor and verify the integrity of the server.cfg file regularly to detect unauthorized changes.
4. Do not run samp-server.exe with untrusted or modified configuration files. Since the original site is defunct, rely on community-maintained mirrors cautiously and verify their security status.
5. If possible, run the server in a restricted environment or sandbox to limit the impact of potential exploitation.

[1, 2, 4]