Bug 256621 (CVE-2007-4534) - CVE-2007-453{3,4,5} Vavoom multiple vulnerabilities
Summary: CVE-2007-453{3,4,5} Vavoom multiple vulnerabilities
Alias: CVE-2007-4534
Product: Fedora
Classification: Fedora
Component: vavoom
Version: 7
Hardware: All
OS: All
Target Milestone: ---
Assignee: Hans de Goede
QA Contact: Fedora Extras Quality Assurance
URL: http://aluigi.altervista.org/adv/vabo...
Whiteboard: impact=critical
Depends On:
Reported: 2007-08-27 14:55 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:12 UTC

Fixed In Version: 1.24-3.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-09-04 22:09:44 UTC
Type: ---

Description Lubomir Kundrak 2007-08-27 14:55:19 UTC
Three problems were identified in Vavoom. See the URL for the original advisory
containing the details.

A] Say format string

Format string vulnerability exploitable through the sending of a chat
message: the BroadcastPrintf function is called passing a string
containing the name of the user plus his message without the proper
format argument.

Additional notes:

Please do an update as soon as possible, as the first two flaws imply the
possibility to execute arbitrary code on behalf of the running server.

B] BroadcastPrintf buffer-overflow

Buffer-overflow vulnerability located in the BroadcastPrintf function;
the steps for exploiting it are the same as for the previous bug.

C] "NewLen >= 0" assertion failed

A failed assert in the following function, called, for example, when a
string is passed with an invalid size, allows an attacker to terminate
the server.
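
Added example, not taken from the advisory or from Vavoom's source: the hardened form of the call pattern described in A] and B], with the flawed call shown only as a comment. The names broadcast_printf, say, last_broadcast and MSG_MAX are hypothetical stand-ins, and the buffer size is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64 /* constructed size; the page does not give the real one */

/* Stands in for the packet sent to every client (hypothetical). */
static char last_broadcast[MSG_MAX];

#if defined(__GNUC__)
/* Lets -Wformat / -Wformat-security check callers of this wrapper. */
static int broadcast_printf(const char *fmt, ...)
    __attribute__((format(printf, 1, 2)));
#endif

/* Hypothetical stand-in for BroadcastPrintf: formatting is bounded by the
 * destination size (issue B). Returns 1 if the text was truncated. */
static int broadcast_printf(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(last_broadcast, sizeof last_broadcast, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= sizeof last_broadcast;
}

/* Pattern described in A], shown only as a comment: the caller joins name
 * and message into one string and passes it as the format itself:
 *     broadcast_printf(line);
 * Fixed form: constant format, client data passed as arguments only. */
static int say(const char *name, const char *text)
{
    return broadcast_printf("%s: %s\n", name, text);
}

int main(void)
{
    char big[200];
    int truncated;
    say("player", "%s%s%x");          /* constructed chat message */
    fputs(last_broadcast, stdout);    /* specifiers arrive as plain text */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    truncated = say("player", big);   /* oversized message is cut, not copied */
    printf("truncated=%d len=%zu\n", truncated, strlen(last_broadcast));
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag any remaining caller that passes a non-literal string as the format.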

Comment 2 Hans de Goede 2007-08-27 17:30:35 UTC
I've contacted upstream about this, usually they are very quick with responses
to normal bugs, so I expect a fix from them shortly.

Comment 3 Fedora Update System 2007-09-04 22:09:42 UTC
vavoom-1.24-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
