Raydium raydium_log() format string
raydium-raydiumlog-format-string (26514)
Description:
Raydium contains a format string vulnerability in the raydium_log() function, triggered when it handles data received from a client. A remote or local attacker could exploit this vulnerability to execute arbitrary commands on the server.
Consequences:
Gain Access
Remedy:
Upgrade to the latest SVN revision (310 or later), available from the Raydium Web site. See references.
References:
- Full-Disclosure Mailing List, Fri May 12 2006 - 16:25:33 CDT: Multiple vulnerabilities in Raydium rev 309.
- Raydium Web site: Raydium 3D Game Engine - OpenSource - GPL.
- BID-17986: Raydium Multiple Remote Buffer Overflow and Denial Of Service Vulnerabilities
- CVE-2006-2409: Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.
- SA20097: Raydium Multiple Vulnerabilities
- VUPEN/ADV-2006-1808: Raydium Multiple Remote Buffer Overflow and Denial of Service Vulnerabilities
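The CVE-2006-2409 entry above describes a log routine whose output reaches raydium_console_line_add with format specifiers still active. The following C sketch is an added illustration of that class of bug and its usual correction, not Raydium's code: the names `console_line_add`, `log_unsafe` and `log_safe` are hypothetical, and the assumption is that the console sink is printf-style.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LINE_LEN 256
static char console_last[LINE_LEN]; /* stand-in for the console's line buffer */

/* Hypothetical printf-style sink: its first argument is parsed as a format. */
static void console_line_add(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(console_last, sizeof console_last, fmt, ap);
    va_end(ap);
}

/* Flawed shape: the finished line, which now embeds client data, is handed
 * to the sink as a format string and parsed a second time. */
static const char *log_unsafe(const char *fmt, ...)
{
    char line[LINE_LEN];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(line, sizeof line, fmt, ap);
    va_end(ap);
    console_line_add(line);
    return console_last;
}

/* Corrected shape: constant format, finished line passed only as data. */
static const char *log_safe(const char *fmt, ...)
{
    char line[LINE_LEN];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(line, sizeof line, fmt, ap);
    va_end(ap);
    console_line_add("%s", line);
    return console_last;
}

int main(void)
{
    /* Constructed client input. "%%" is used because its second-pass
     * expansion is well defined; it is enough to show the re-parse. */
    const char *client = "load 50%% done";
    printf("unsafe: %s\n", log_unsafe("client: %s", client));
    printf("safe:   %s\n", log_safe("client: %s", client));
    return 0;
}
```

Building with `-Wformat -Wformat-security` and marking variadic log helpers with the GCC/Clang `format(printf, ...)` attribute lets the compiler flag calls that pass a non-literal string as the format.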
Platforms Affected:
- Raydium.org Raydium 2005-09-21
- Raydium.org Raydium SVN revision 309
Reported:
May 12, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
