Today, german IT publisher heise online reported about a recently discovered remote DoS vulnerability in the latest versions of the TeamSpeak 2 server software. A missing length check for incoming post data in the embedded webserver can lead to allocation of high amounts of RAM (>1GB) and high consumption of CPU time. Therefore an attacker can easily compromise the machine on which the server is running.

This vulnerability was first posted on the well-known exploit database milw0rm 5 days ago. This is the second known unfixed critical bug in the TeamSpeak 2 server software.

If you're running version 2.0.23.15 or a previous release of the TeamSpeak 2 server, we advise you to use a firewall to disable access to the TCP query and HTTP ports from untrusted sources to ensure the security of your server machine.

Update - 25 July 2007

This issue has now been resolved with version 2.0.23.16 of the TeamSpeak 2 server.

Related Links: 

Original report on the heise online website (German)