Doomsday Engine Multiple Remote Vulnerabilities

Bugtraq ID:	25483
Class:	Unknown
CVE:	CVE-2007-4642 CVE-2007-4643 CVE-2007-4644
Remote:	Yes
Local:	No
Published:	Aug 29 2007 12:00AM
Updated:	Feb 07 2008 10:36PM
Credit:	Luigi Auriemma is credited with the discovery of this vulnerability.
Vulnerable:	Gentoo Linux Doomsday HQ Doomsday Engine 1.9 Doomsday HQ Doomsday Engine 1.8.6 Doomsday HQ Doomsday Engine 1.9.0-beta5.1
Not Vulnerable:

Doomsday Engine Multiple Remote Vulnerabilities

Doomsday Engine is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues, a denial-of-service issue, a format-string issue, and an integer-overflow issue.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Doomsday Engine 1.90-beta5.1 is vulnerable; other versions may also be affected.

Doomsday Engine Multiple Remote Vulnerabilities

The following proofs of concept and sample exploit code are available:

• /data/vulnerabilities/exploits/dumsdei.zip

Doomsday Engine Multiple Remote Vulnerabilities

Solution:
Please see the referenced advisories for information on obtaining and applying the appropriate updates.

Doomsday Engine Multiple Remote Vulnerabilities

References:

• Doomsday Homepage (Doomsday HQ)
  
• Multiple vulnerabilities in Doomsday 1.9.0-beta5.1 ([email protected])