GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Apr 06, 2006 4:26 am Post subject: [ GLSA 200604-05 ] Doomsday: Format string vulnerability |
 |
|
Gentoo Linux Security Advisory
Title: Doomsday: Format string vulnerability (GLSA 200604-05)
Severity: high
Exploitable: remote
Date: April 06, 2006
Updated: June 15, 2006
Bug(s): #128690
ID: 200604-05
Synopsis
Format string vulnerabilities in Doomsday may lead to the execution of arbitrary code.
Background
Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen.
Affected Packages
Package: games-fps/doomsday
Vulnerable: <= 1.9.0_beta4
Unaffected: >= 1.9.0_beta4
Architectures: All supported architectures
Description
Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing.
Impact
A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Doomsday server or client by sending specially crafted strings.
Workaround
There is no known workaround at this time.
Resolution
All Doomsday users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/doomsday-1.9.0_beta4" |
References
CVE-2006-1618
Original advisory by Luigi Auriemma
Last edited by GLSA on Fri Jun 16, 2006 4:18 am; edited 2 times in total |
|
News & Announcements
