Doomsday Msg_Write() buffer overflow
doomsday-msgwrite-bo (36333)
Description:
Doomsday is vulnerable to a buffer overflow caused by improper bounds checking in the Msg_Write() function. By sending an overly long chat message, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Platforms Affected:
- Gentoo, Linux
- Jaakko Keränen, Doomsday 1.9.0-b5.1 and prior
Remedy:
Apply the appropriate patch for your system. See References.
Consequences:
Gain Access
References:
- Doomsday Web site, Doomsday HQ: Recent News at http://www.doomsdayhq.com/.
- Luigi Auriemma Web page: ADVISORIES, Multiple vulnerabilities in Doomsday 1.9.0-beta5.1 at http://aluigi.altervista.org/adv/dumsdei-adv.txt.
- BID-25483: Doomsday Engine Multiple Remote Vulnerabilities
- CVE-2007-4642: Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
- GLSA-200802-02: Doomsday: Multiple vulnerabilities
- SA26524: Doomsday Multiple Vulnerabilities
- SA28821: Gentoo doomsday Multiple Vulnerabilities
Reported:
Aug 29, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
