Vavoom Multiple Remote Vulnerabilities
BID:25436
Info
Vavoom Multiple Remote Vulnerabilities
| Bugtraq ID: | 25436 |
| Class: | Unknown |
| CVE: |
CVE-2007-4533 CVE-2007-4535 CVE-2007-4534 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 24 2007 12:00AM |
| Updated: | Sep 06 2007 06:32PM |
| Credit: | Luigi Auriemma is credited with the discovery of this vulnerability. |
| Vulnerable: |
Vavoom Vavoom 1.24 Redhat Fedora 7 |
| Not Vulnerable: | |
Discussion
Vavoom Multiple Remote Vulnerabilities
Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
Vavoom 1.24 is vulnerable; prior versions may also be affected.
Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
Vavoom 1.24 is vulnerable; prior versions may also be affected.
Exploit / POC
Vavoom Multiple Remote Vulnerabilities
The following proofs of concept and exploit code are available:
- For the format-string vulnerability, an attacker sends a chat message containing '%n%n%n%n%s' string.
- For the buffer-overflow vulnerability, the attacker opens the 'vavoom\basev\doom2\config.cfg' file, and adds the following lines:'alias bof "say aaa...(992_'a's)...aaa" name ''aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'' '
- For the denial-of-service vulnerability, the attacker sends a packet to UDP port 26000 containing the following hexadecimal bytes: 80 02 ff 00
The following proofs of concept and exploit code are available:
- For the format-string vulnerability, an attacker sends a chat message containing '%n%n%n%n%s' string.
- For the buffer-overflow vulnerability, the attacker opens the 'vavoom\basev\doom2\config.cfg' file, and adds the following lines:'alias bof "say aaa...(992_'a's)...aaa" name ''aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'' '
- For the denial-of-service vulnerability, the attacker sends a packet to UDP port 26000 containing the following hexadecimal bytes: 80 02 ff 00
Solution / Fix
Vavoom Multiple Remote Vulnerabilities
Solution:
Red Hat has issued Fedora Core 7 updates that address these vulnerabilities. Please see the vendor advisories for more information.
Solution:
Red Hat has issued Fedora Core 7 updates that address these vulnerabilities. Please see the vendor advisories for more information.
References
Vavoom Multiple Remote Vulnerabilities
References:
References:
- Vavoom Homepage (Vavoom)
- Vavoom Multiple Remote Vulnerabilities (Vavoom)