CVE-2007-4642 - Vulnerability Details - OpenCVE

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Doomsday	Doomsday

Configuration 1 [-]

cpe:2.3:a:doomsday:doomsday:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/dumsdei-adv.txt
http://aluigi.org/poc/dumsdei.zip
http://bugs.gentoo.org/show_bug.cgi?id=190835
http://secunia.com/advisories/26524
http://secunia.com/advisories/28821
http://security.gentoo.org/glsa/glsa-200802-02.xml
http://securityreason.com/securityalert/3084
http://www.securityfocus.com/archive/1/478077/100/0/threaded
http://www.securityfocus.com/bid/25483
https://exchange.xforce.ibmcloud.com/vulnerabilities/36332
https://exchange.xforce.ibmcloud.com/vulnerabilities/36333
https://exchange.xforce.ibmcloud.com/vulnerabilities/36334

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-31T23:00:00

Updated: 2024-08-07T15:01:09.971Z

Reserved: 2007-08-31T00:00:00

Link: CVE-2007-4642

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-31T23:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4642

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\\0' character."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3084", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3084"}, {"name": "28821", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28821"}, {"name": "doomsday-dnetplayerevent-bo(36332)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36332"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/dumsdei-adv.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=190835"}, {"name": "26524", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26524"}, {"name": "20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/478077/100/0/threaded"}, {"name": "doomsday-msgwrite-bo(36333)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36333"}, {"name": "25483", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25483"}, {"name": "GLSA-200802-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200802-02.xml"}, {"name": "doomsday-netsvreadcommands-bo(36334)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36334"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/dumsdei.zip"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4642", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\\0' character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3084", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3084"}, {"name": "28821", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28821"}, {"name": "doomsday-dnetplayerevent-bo(36332)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36332"}, {"name": "http://aluigi.altervista.org/adv/dumsdei-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/dumsdei-adv.txt"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=190835", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=190835"}, {"name": "26524", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26524"}, {"name": "20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/478077/100/0/threaded"}, {"name": "doomsday-msgwrite-bo(36333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36333"}, {"name": "25483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25483"}, {"name": "GLSA-200802-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-02.xml"}, {"name": "doomsday-netsvreadcommands-bo(36334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36334"}, {"name": "http://aluigi.org/poc/dumsdei.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/dumsdei.zip"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.971Z"}, "title": "CVE Program Container", "references": [{"name": "3084", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3084"}, {"name": "28821", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28821"}, {"name": "doomsday-dnetplayerevent-bo(36332)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36332"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/dumsdei-adv.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=190835"}, {"name": "26524", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26524"}, {"name": "20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/478077/100/0/threaded"}, {"name": "doomsday-msgwrite-bo(36333)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36333"}, {"name": "25483", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25483"}, {"name": "GLSA-200802-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200802-02.xml"}, {"name": "doomsday-netsvreadcommands-bo(36334)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36334"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.org/poc/dumsdei.zip"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4642", "datePublished": "2007-08-31T23:00:00", "dateReserved": "2007-08-31T00:00:00", "dateUpdated": "2024-08-07T15:01:09.971Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doomsday:doomsday:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7090328-E28E-46D1-93D9-CFEC55F8C130", "versionEndIncluding": "1.9.0_beta5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\\0' character."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Doomsday (tambi\u00e9n conocido como deng) 1.9.0-beta5.1 y versiones anteriores permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje de chat largo (PKT_CHAT) que no es gestionado adecuadamente por la funci\u00f3n (1) D_NetPlayerEvent de d_net.c \u00f3 (2) Msg_Write de net_msg.c, or (3) muchos comandos que no son apropiadamente gestionados por la funci\u00f3n NetSv_ReadCommands de d_netsv.c; \u00f3 (4) provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante un mensaje de chat (PKT_CHAT) sin un caracter final '\\0'."}], "id": "CVE-2007-4642", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-31T23:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/dumsdei-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.org/poc/dumsdei.zip"}, {"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=190835"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26524"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28821"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-02.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3084"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/478077/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25483"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36332"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36333"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36334"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/dumsdei-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.org/poc/dumsdei.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=190835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-02.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/478077/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36334"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}