Toribash Dedicated Server Format String Vulnerability

Vulnerability ID: 1113479 Vulnerability type: Format string
Published: 2007-08-18 Updated: 2007-08-22
CVE ID: CVE-2007-4446 CNNVD-ID: CNNVD-200708-347
Platform: Multiple CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/30508
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-347
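|Vulnerability details
Toribash is a popular fighting game. If, when joining a game, a client sends a format string containing BOUTID;100000NICKNAME0 that is passed directly to vfprintf(), the server may crash or execute arbitrary instructions.
|Exploit (EXP)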
source: http://www.securityfocus.com/bid/25359/info

Toribash is prone to multiple remote code-execution and denial-of-service vulnerabilities that affect game servers and clients. Seven vulnerabilities were reported.

Attackers may exploit these issues to execute arbitrary code in the context of the game server and game client or to deny service to both servers and clients.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30508.zip
|References

Source: BID
Name: 25359
Link: http://www.securityfocus.com/bid/25359
Source: BUGTRAQ
Name: 20070818 Multiple vulnerabilities in Toribash 2.71
Link: http://www.securityfocus.com/archive/1/archive/1/477025/100/0/threaded
Source: SECUNIA
Name: 26507
Link: http://secunia.com/advisories/26507
Source: MISC
Link: http://aluigi.org/poc/toribashish.zip
Source: SREASON
Name: 3033
Link: http://securityreason.com/securityalert/3033