Vavoom 'str.cpp' Denial-of-Service Vulnerability

Vulnerability ID 1113511 Vulnerability type
Published 2007-08-24 Updated 2007-08-27
CVE ID CVE-2007-4535 CNNVD-ID CNNVD-200708-403
Platform Multiple CVSS score 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/30527
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-403
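|Vulnerability details
Vavoom is a port of the game Doom. The VStr::Resize() function in Vavoom's str.cpp file contains an assertion error: if a user sends a specially crafted UDP packet containing the hexadecimal bytes 8002ff00 to the server's default port 26000, the server may crash.
|Exploit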
source: http://www.securityfocus.com/bid/25436/info
 
Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.
 
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
 
Vavoom 1.24 is vulnerable; prior versions may also be affected. 

For the denial-of-service vulnerability, the attacker sends a packet to UDP port 26000 containing the following hexadecimal bytes: 80 02 ff 00
|References

Source: SECUNIA
Name: 26554
Link: http://secunia.com/advisories/26554
Source: MISC
Link: http://aluigi.altervista.org/adv/vaboom2-adv.txt
Source: FEDORA
Name: FEDORA-2007-1977
Link: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html
Source: MISC
Link: https://bugzilla.redhat.com/show_bug.cgi?id=256621
Source: BID
Name: 25436
Link: http://www.securityfocus.com/bid/25436
Source: SREASON
Name: 3057
Link: http://securityreason.com/securityalert/3057
Source: SECUNIA
Name: 26701
Link: http://secunia.com/advisories/26701