CVE-2007-4642

Doomsday 1.9.0-beta5.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4642. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text is a vulnerability writeup for CVE-2007-4642, describing multiple remote vulnerabilities in Doomsday Engine, including buffer overflows, DoS, format string, and integer overflow issues. It references a binary exploit but does not contain actual exploit code.

Description

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotelinux

https://www.exploit-db.com/exploits/30543

View Code ZIP pw:eip

The provided text is a vulnerability writeup for CVE-2007-4642, describing multiple remote vulnerabilities in Doomsday Engine, including buffer overflows, DoS, format string, and integer overflow issues. It references a binary exploit but does not contain actual exploit code.

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Moderate

Reliability

Theoretical

Target: Doomsday Engine 1.90-beta5.1

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK