CVE-2006-1618

Doomsday 1.8.6 - Remote Code Execution via Format String in JOIN Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1618. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit leverages a format-string vulnerability in Doomsday by sending a malformed JOIN command to TCP port 13209, potentially allowing arbitrary code execution or causing a denial of service.

Description

Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/27566

This exploit leverages a format-string vulnerability in Doomsday by sending a malformed JOIN command to TCP port 13209, potentially allowing arbitrary code execution or causing a denial of service.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Doomsday (version not specified)
No auth needed
Prerequisites: Network access to TCP port 13209
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429857/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015860
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200604-05.xml
Exploit, Vendor Advisory x_refsource_misc
http://aluigi.altervista.org/adv/doomsdayfs-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25622
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044865.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19519
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17369
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19515
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1221

Scores

EPSS 0.1319
EPSS Percentile 95.9%

Details

Status published
Products (1)
doomsday/doomsday 1.8.6
Published Apr 05, 2006
Tracked Since Feb 18, 2026