Doomsday Engine Multiple Remote Vulnerabilities

Vulnerability ID: 1113539  Vulnerability type: Buffer overflow
Published: 2007-08-29  Updated: 2007-09-05
CVE ID: CVE-2007-4642  CNNVD-ID: CNNVD-200708-511
Platform: Linux  CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/30543
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-511
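|Vulnerability details
Multiple buffer overflows exist in Doomsday (also known as deng) 1.9.0-beta5.1 and earlier. A remote attacker can execute arbitrary code via an overly long chat (PKT_CHAT) message that is not properly handled in (1) the D_NetPlayerEvent function in d_net.c or (2) the Msg_Write function in net_msg.c, or via (3) many commands that are not properly handled in the NetSv_ReadCommands function in d_netsv.c; or (4) can cause a denial of service (daemon crash) via a chat (PKT_CHAT) message that lacks a final '\0' character.
|Exploit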
source: http://www.securityfocus.com/bid/25483/info

Doomsday Engine is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues, a denial-of-service issue, a format-string issue, and an integer-overflow issue.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Doomsday Engine 1.90-beta5.1 is vulnerable; other versions may also be affected.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30543.zip
|References

Source: BID
Name: 25483
Link: http://www.securityfocus.com/bid/25483
Source: BUGTRAQ
Name: 20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1
Link: http://www.securityfocus.com/archive/1/archive/1/478077/100/0/threaded
Source: SECUNIA
Name: 26524
Link: http://secunia.com/advisories/26524
Source: MISC
Link: http://aluigi.org/poc/dumsdei.zip
Source: MISC
Link: http://aluigi.altervista.org/adv/dumsdei-adv.txt
Source: XF
Name: doomsday-netsvreadcommands-bo(36334)
Link: http://xforce.iss.net/xforce/xfdb/36334
Source: XF
Name: doomsday-msgwrite-bo(36333)
Link: http://xforce.iss.net/xforce/xfdb/36333
Source: XF
Name: doomsday-dnetplayerevent-bo(36332)
Link: http://xforce.iss.net/xforce/xfdb/36332
Source: SREASON
Name: 3084
Link: http://securityreason.com/securityalert/3084
Source: GENTOO
Name: GLSA-200802-02
Link: http://security.gentoo.org/glsa/glsa-200802-02.xml
Source: SECUNIA
Name: 28821
Link: http://secunia.com/advisories/28821
Source: bugs.gentoo.org
Link: http://bugs.gentoo.org/show_bug.cgi?id=190835