Joined: 12 May 2004
|Posted: Thu Apr 06, 2006 4:26 am Post subject: [ GLSA 200604-05 ] Doomsday: Format string vulnerability
|Gentoo Linux Security Advisory
Title: Doomsday: Format string vulnerability (GLSA 200604-05)
Date: April 06, 2006
Updated: June 15, 2006
Format string vulnerabilities in Doomsday may lead to the execution of arbitrary code.
Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen.
Vulnerable: <= 1.9.0_beta4
Unaffected: >= 1.9.0_beta4
Architectures: All supported architectures
Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing.
A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the Doomsday server or client by sending specially crafted strings.
There is no known workaround at this time.
All Doomsday users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/doomsday-1.9.0_beta4"
Original advisory by Luigi Auriemma
Last edited by GLSA on Fri Jun 16, 2006 4:18 am; edited 2 times in total