CVE-2007-4446

Toribash < 2.71 - Remote Code Execution via NICK Command Format String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4446. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes multiple remote code-execution and denial-of-service vulnerabilities in Toribash, referencing a security advisory (BID 25359) and a binary exploit archive. No actual exploit code is included in the snippet.

Description

Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotemultiple

https://www.exploit-db.com/exploits/30508

View Code ZIP pw:eip

The provided text describes multiple remote code-execution and denial-of-service vulnerabilities in Toribash, referencing a security advisory (BID 25359) and a binary exploit archive. No actual exploit code is included in the snippet.

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Trivial

Reliability

Theoretical

Target: Toribash (version unspecified)

No auth needed

Prerequisites: Network access to Toribash server or client

MITRE ATT&CK