Vulnerabilities > CVE-2007-4447 - Unspecified vulnerability in Toribash
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://aluigi.org/poc/toribashish.zip
- http://aluigi.org/poc/toribashish.zip
- http://secunia.com/advisories/26507
- http://secunia.com/advisories/26507
- http://securityreason.com/securityalert/3033
- http://securityreason.com/securityalert/3033
- http://www.securityfocus.com/archive/1/477025/100/0/threaded
- http://www.securityfocus.com/archive/1/477025/100/0/threaded
- http://www.securityfocus.com/bid/25359
- http://www.securityfocus.com/bid/25359
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36097
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36097