Executive Summary

Summary
Title: Doomsday: Multiple vulnerabilities
Information
Name: GLSA-200802-02
First vendor Publication: 2008-02-06
Vendor: Gentoo
Last vendor Modification: 2008-02-06
Severity (Vendor): High
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities in Doomsday might allow remote execution of arbitrary code or a Denial of Service.

Background

The Doomsday Engine (deng) is a modern gaming engine for popular ID games like Doom, Heretic and Hexen.

Description

Luigi Auriemma discovered multiple buffer overflows in the D_NetPlayerEvent() function, the Msg_Write() function and the NetSv_ReadCommands() function. He also discovered errors when handling chat messages that are not NULL-terminated (CVE-2007-4642) or contain a short data length, triggering an integer underflow (CVE-2007-4643).
Furthermore, a format string vulnerability was discovered in the Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages (CVE-2007-4644).
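The defensive checks that correspond to the bug classes named above, as an added example that is not Doomsday's code and not part of the advisory. The packet layout (a fixed 3-byte header followed by text), the size constants and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHAT_HDR_LEN  3u   /* hypothetical header size, not Doomsday's */
#define CHAT_MAX_TEXT 255u /* hypothetical cap on message text */

/* Copy the text of a chat packet into out as a NUL-terminated string.
 * Returns the text length, or -1 if the packet is rejected. */
int chat_extract(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_size)
{
    if (pkt == NULL || out == NULL || out_size == 0)
        return -1;
    /* Short data length: without this check the subtraction below wraps
     * to a huge size_t (integer underflow, the CVE-2007-4643 class). */
    if (pkt_len < CHAT_HDR_LEN)
        return -1;
    size_t text_len = pkt_len - CHAT_HDR_LEN;
    /* Bound the copy by the protocol cap and the destination buffer,
     * leaving room for the terminator (buffer overflow class). */
    if (text_len > CHAT_MAX_TEXT || text_len >= out_size)
        return -1;
    const uint8_t *text = pkt + CHAT_HDR_LEN;
    /* Never rely on the sender to terminate the string: stop at an
     * embedded NUL if there is one, then terminate locally
     * (the CVE-2007-4642 class). */
    const uint8_t *nul = memchr(text, 0, text_len);
    if (nul != NULL)
        text_len = (size_t)(nul - text);
    memcpy(out, text, text_len);
    out[text_len] = '\0';
    return (int)text_len;
}

/* Format received text for the console. The text is an argument to a
 * constant "%s" format, never the format string itself
 * (the CVE-2007-4644 class). */
int console_format(char *dst, size_t dst_size, const char *text)
{
    return snprintf(dst, dst_size, "%s", text);
}

int main(void)
{
    /* Constructed sample packet: header bytes, then unterminated text. */
    const uint8_t pkt[] = {1, 0, 0, '%', 'x', '%', 's'};
    char text[64], line[64];
    if (chat_extract(pkt, sizeof pkt, text, sizeof text) < 0)
        return 1;
    console_format(line, sizeof line, text);
    puts(line);
    return 0;
}
```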

Impact

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Doomsday server or cause a Denial of Service by sending specially crafted messages to the server.

Workaround

There is no known workaround at this time.

Resolution

While some of these issues could be resolved in "games-fps/doomsday-1.9.0-beta5.2", the format string vulnerability (CVE-2007-4644) remains unfixed. We recommend that users unmerge Doomsday:

    # emerge --unmerge games-fps/doomsday

References

[ 1 ] CVE-2007-4642 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4642
[ 2 ] CVE-2007-4643 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4643
[ 3 ] CVE-2007-4644 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4644

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200802-02.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200802-02.xml

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type Description Count
Application 1

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-02 (doomsday)
File : nvt/glsa_200802_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
40134 Doomsday (aka deng) cl_main.c Cl_GetPackets Function PSV_CONSOLE_TEXT Message...

40133 Doomsday (aka deng) sv_main.c PKT_CHAT Packet Remote Overflow

40132 Doomsday (aka deng) d_netsv.c NetSv_ReadCommands Function PKT_CHAT Message Re...

40131 Doomsday (aka deng) net_msg.c Msg_Write Function PKT_CHAT Message Remote Over...

40130 Doomsday (aka deng) d_net.c D_NetPlayerEvent Function PKT_CHAT Message Remote...

Nessus® Vulnerability Scanner

Date Description
2008-02-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-02.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:35:32
  • Multiple Updates