Three problems were identified in Vavoom. See URL for original advisory containing the details. -------------------- A] Say format string -------------------- format string vulnerability exploitable through the sending of a chat message, the BroadcastPrintf function is called passing a string containing the name of the user plus his message without the proper format argument. Additional notes: Please do an update as soon as possible, as first two flaws imply the possibility to execute arbitrary code on behalf of the running server. ---------------------------------- B] BroadcastPrintf buffer-overflow ---------------------------------- buffer-overflow vulnerability located in the BroadcastPrintf function, the steps for exploiting it are the same of the previous bug. --------------------------------- C] "NewLen >= 0" assertion failed --------------------------------- a failed assert in the following function called, for example, when a string is passed with an invalid size allows an attacker to terminate the server.
I've contacted upstream about this, usually they are very quick with responses to normal bugs, so I expect a fix from them shortly.
vavoom-1.24-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.