Doomsday Multiple Remote Format String Vulnerabilities
BID:17369
Info
| Bugtraq ID: | 17369 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1618 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2006 12:00AM |
| Updated: | Apr 10 2006 05:27PM |
| Credit: | Discovery is credited to Luigi Auriemma. |
| Vulnerable: | Gentoo Linux Doomsday HQ Doomsday Engine 1.9 Doomsday HQ Doomsday Engine 1.8.6 |
| Not Vulnerable: | |
Discussion
Doomsday is prone to multiple remote format-string vulnerabilities.
These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application or crash the affected game server, effectively denying service to legitimate users.
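The bug class described above, shown as an added example; this is not code from the advisory or from the Doomsday project. The names con_printf, log_request and count_conversions are hypothetical, and the format attribute assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an engine console logger; not Doomsday's code.
   The format attribute lets GCC/Clang check every call site. */
static char con_last[256];   /* last console line, kept so callers can inspect it */

__attribute__((format(printf, 1, 2)))
static int con_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(con_last, sizeof con_last, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern (left as a comment so it is never compiled or run):
 *     con_printf(line);
 * 'line' comes from the network, so any conversion in it is interpreted by
 * the logger. -Wformat -Wformat-security reports this call.
 */

/* Hardened pattern: the format is a literal and the request is only data. */
static int log_request(const char *line)
{
    return con_printf("request: %s\n", line);
}

/* Counts printf-style conversions in untrusted text ("%%" is a literal '%').
   Usable as a logging signal: game commands have no reason to carry them. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

int main(void)
{
    const char *line = "JOIN 1234 %n%n%n%n%n%n";  /* request string quoted on this page */
    log_request(line);
    printf("%sconversions seen: %d\n", con_last, count_conversions(line));
    return 0;
}
```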
Exploit / POC
This issue can be exploited through a web client.
The following proof of concept is sufficient to crash an affected game server:
Telnet to TCP port 13209 and issue the following command:
JOIN 1234 %n%n%n%n%n%n
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Please see the references for more information and vendor advisories.
References
References:
- Doomsday engine - format string bug in Con_Message and Con_Printf (Luigi Auriemma)
- Doomsday Homepage (Doomsday HQ)