CVE-2007-1371
Conquest < 8.2a - Multiple Buffer Overflow via Metaserver Query and SP_CLIENTSTAT Packet
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-1371. PoCs published by Luigi Auriemma.
AI-analyzed exploit summary
This exploit demonstrates a stack-based buffer overflow in Conquest 8.2a by serving a payload of 1200 'a' characters from a fake metaserver, causing the client to crash while attempting to execute at address 0x61616161 (the payload bytes 'aaaa').
Description
Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.