Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4643
Last Modified: 05 Sep 2008 05:28:45
Published: 31 Aug 2007 07:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4643

Summary

Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c.

Vulnerable Systems

Application

  • Doomsday 1.9.0 Beta5.1


References

BID - 25483

BUGTRAQ - 20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1

SECUNIA - 26524

MISC - http://aluigi.org/poc/dumsdei.zip

XF - doomsday-svhandlepacket-underflow(36338)

SREASON - 3084

GENTOO - GLSA-200802-02

SECUNIA - 28821

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=190835


Last Updated: 27 May 2016 10:45:56