This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200802-02
(Doomsday: Multiple vulnerabilities)
Luigi Auriemma discovered multiple buffer overflows in the
D_NetPlayerEvent() function, the Msg_Write() function and the
NetSv_ReadCommands() function. He also discovered errors when handling
chat messages that are not NULL-terminated (CVE-2007-4642) or contain a
short data length, triggering an integer underflow (CVE-2007-4643).
Furthermore a format string vulnerability was discovered in the
Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages
A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Doomsday server
or cause a Denial of Service by sending specially crafted messages to
There is no known workaround at this time.
See also :
While some of these issues could be resolved in
'games-fps/doomsday-1.9.0-beta5.2', the format string vulnerability
(CVE-2007-4644) remains unfixed. We recommend that users unmerge
# emerge --unmerge games-fps/doomsday
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 30244 (gentoo_GLSA-200802-02.nasl)
CVE ID: CVE-2007-4642CVE-2007-4643CVE-2007-4644
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.