Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4644

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4644
Last Modified 05 Sep 2008 05:28:45
Published 31 Aug 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4644

Summary

Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.

Vulnerable Systems

Application

  • Doomsday 1.9.0 Beta5.1


References

BID - 25483

BUGTRAQ - 20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1

SECUNIA - 26524

MISC - http://aluigi.org/poc/dumsdei.zip

XF - doomsday-clgetpackets-format-string(36337)

SREASON - 3084

GENTOO - GLSA-200802-02

SECUNIA - 28821

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=190835


Last Updated: 27 May 2016 10:45:56