CVE-2006-1593

Zdaemon < 1.08.01 and X-Doom - Denial of Service via Invalid Player Slot or Item Number

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1593. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text is a vulnerability writeup for CVE-2006-1593, describing a buffer overflow in the 'is_client_wad_ok' function and a DoS condition in ZDaemon 1.08.01 and prior versions. No actual exploit code is included.

Description

The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/27547

View Code ZIP pw:eip

The provided text is a vulnerability writeup for CVE-2006-1593, describing a buffer overflow in the 'is_client_wad_ok' function and a DoS condition in ZDaemon 1.08.01 and prior versions. No actual exploit code is included.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: ZDaemon <= 1.08.01

No auth needed

Prerequisites: Network access to the ZDaemon server

MITRE ATT&CK