Bug 256621 - (CVE-2007-4534) CVE-2007-453{3,4,5} Vavoom multiple vulnerabilities
Product: Fedora
Classification: Fedora
Component: vavoom
Severity: low
Assigned To: Hans de Goede
QA Contact: Fedora Extras Quality Assurance
Keywords: Security
Reported: 2007-08-27 10:55 EDT by Lubomir Kundrak
Modified: 2007-11-30 17:12 EST
Fixed In Version: 1.24-3.fc7
Doc Type: Bug Fix
Last Closed: 2007-09-04 18:09:44 EDT
Description Lubomir Kundrak 2007-08-27 10:55:19 EDT
Three problems were identified in Vavoom. See URL for original advisory
containing the details.

A] Say format string

Format string vulnerability exploitable through the sending of a chat
message: the BroadcastPrintf function is called passing a string
containing the name of the user plus his message without the proper
format argument.

Additional notes:

Please do an update as soon as possible, as the first two flaws imply the
possibility to execute arbitrary code on behalf of the running server.

B] BroadcastPrintf buffer-overflow

Buffer-overflow vulnerability located in the BroadcastPrintf function;
the steps for exploiting it are the same as for the previous bug.

C] "NewLen >= 0" assertion failed

A failed assert in the following function, called, for example, when a
string is passed with an invalid size, allows an attacker to terminate
the server.
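
Added example, not part of the original report and not Vavoom's source: a C sketch of the call pattern described in A] and B], showing user text passed as the format string beside a hardened call that uses a constant format and a bounded write. The function names (broadcast_printf, say_vulnerable, say_hardened), the buffer size and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64 /* constructed size, not Vavoom's real buffer length */

/* Hypothetical stand-in for a broadcast routine. vsnprintf bounds the write
 * to outsz (issue B). Returns 1 if the text was truncated, 0 if it fit. */
static int broadcast_printf(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0) {
        if (outsz) out[0] = '\0';
        return -1;
    }
    return (size_t)n >= outsz;
}

/* Pattern from issue A: "name: message" is built first and then passed as
 * the format string, so any '%' typed by the user is interpreted. */
static int say_vulnerable(char *out, size_t outsz, const char *name, const char *msg)
{
    char line[MSG_MAX];
    snprintf(line, sizeof line, "%s: %s\n", name, msg);
    return broadcast_printf(out, outsz, line); /* BUG: no format argument */
}

/* Hardened call: constant format, user text is only ever an argument. */
static int say_hardened(char *out, size_t outsz, const char *name, const char *msg)
{
    return broadcast_printf(out, outsz, "%s: %s\n", name, msg);
}

int main(void)
{
    char out[MSG_MAX];
    /* Constructed, harmless input: "%%" consumes no arguments. */
    say_vulnerable(out, sizeof out, "bob", "50%% off");
    printf("vulnerable: %s", out); /* '%%' collapsed to '%' */
    say_hardened(out, sizeof out, "bob", "50%% off");
    printf("hardened:   %s", out); /* text relayed unchanged */
    return 0;
}
```

Declaring broadcast_printf with GCC/Clang's __attribute__((format(printf, 3, 4))) and compiling with -Wformat-security makes the compiler flag the call in say_vulnerable.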
Comment 2 Hans de Goede 2007-08-27 13:30:35 EDT
I've contacted upstream about this, usually they are very quick with responses
to normal bugs, so I expect a fix from them shortly.
Comment 3 Fedora Update System 2007-09-04 18:09:42 EDT
vavoom-1.24-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.