Doomsday con_main.c Multiple Remote Format String Vulnerabilities

Vulnerability ID: 1108605
Vulnerability type: Format string
Published: 2005-04-03
Updated: 2006-04-10
CVE: CVE-2006-1618
CNNVD ID: CNNVD-200604-055
Platform: Multiple
CVSS score: 7.5
|Sources
https://www.exploit-db.com/exploits/27566
https://www.securityfocus.com/bid/17369
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-055
|Details
Format string vulnerabilities in the (1) Con_Message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allow remote attackers to execute arbitrary code via format string specifiers in the arguments to the JOIN command, and possibly in other command arguments.
|Exploit
source: http://www.securityfocus.com/bid/17369/info

Doomsday is prone to multiple remote format-string vulnerabilities.

These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application or crash the affected game server, effectively denying service to legitimate users.

Telnet to TCP port 13209 and issue the following command:
JOIN 1234 %n%n%n%n%n%n
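The defect the advisory describes, as an added example that is not code from the Doomsday engine: a console printer whose vulnerable call site (shown only in a comment) receives the client-supplied JOIN argument as its format string, the fixed call site that passes it as a `%s` value, and a check a server can run on incoming arguments to flag conversion directives. `con_message`, `announce_join` and `has_format_directive` are hypothetical names.

```c
#include <stdio.h>
#include <stdarg.h>
#include <string.h>

/* Hypothetical stand-in for the engine's console printer (the advisory
 * names Con_Message and conPrintf). The vulnerable pattern is calling it
 * as  con_message(out, len, join_argument);  so the remote client's text
 * becomes the format string and any "%n" / "%x" in it is interpreted. */
static void con_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Hardened call site: the untrusted argument is only ever a value for a
 * fixed "%s" conversion, never the format itself. Directives in the
 * player name are copied through as literal text. */
void announce_join(char *out, size_t outlen, const char *player_name)
{
    con_message(out, outlen, "Player %s joined the game.", player_name);
}

/* Defensive check: does a client-supplied argument contain a conversion
 * directive? "%%" is a literal percent and a trailing '%' is inert, so
 * neither is reported; anything else after '%' is. A server can reject
 * such a JOIN or log it as a probe attempt. */
int has_format_directive(const char *s)
{
    for (const char *p = s; *p; ++p) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent, skip both characters */
            ++p;
            continue;
        }
        if (p[1] == '\0')    /* lone '%' at end of string */
            return 0;
        return 1;
    }
    return 0;
}
```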
|Affected products
Gentoo Linux
Doomsday HQ Doomsday Engine 1.9
Doomsday HQ Doomsday Engine 1.8.6
|References

Source: VUPEN
Name: ADV-2006-1221
Link: http://www.frsirt.com/english/advisories/2006/1221
Source: SECUNIA
Name: 19515
Link: http://secunia.com/advisories/19515
Source: MISC
Link: http://aluigi.altervista.org/adv/doomsdayfs-adv.txt
Source: XF
Name: doomsday-conmessage-conprintf-format-string(25622)
Link: http://xforce.iss.net/xforce/xfdb/25622
Source: BID
Name: 17369
Link: http://www.securityfocus.com/bid/17369
Source: BUGTRAQ
Name: 20060403 Format string in Doomsday 1.8.6
Link: http://www.securityfocus.com/archive/1/archive/1/429857/100/0/threaded
Source: GENTOO
Name: GLSA-200604-05
Link: http://www.gentoo.org/security/en/glsa/glsa-200604-05.xml
Source: SECTRACK
Name: 1015860
Link: http://securitytracker.com/id?1015860
Source: SECUNIA
Name: 19519
Link: http://secunia.com/advisories/19519
Source: FULLDISC
Name: 20060403 Format string in Doomsday 1.8.6
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044865.html