Shodan
Vulnerabilities
Vulnerable Software
Toribash:  Security Vulnerabilities
CVE-2007-4446
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
CVSS Score
7.5
EPSS Score
0.071
Published
2007-08-21
CVE-2007-4447
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character.
CVSS Score
7.5
EPSS Score
0.043
Published
2007-08-21
CVE-2007-4448
The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1.
CVSS Score
5.0
EPSS Score
0.013
Published
2007-08-21
CVE-2007-4449
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command.
CVSS Score
5.0
EPSS Score
0.008
Published
2007-08-21
CVE-2007-4450
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier.
CVSS Score
5.0
EPSS Score
0.007
Published
2007-08-21
CVE-2007-4451
The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters.
CVSS Score
5.0
EPSS Score
0.008
Published
2007-08-21
CVE-2007-4452
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command.
CVSS Score
5.0
EPSS Score
0.013
Published
2007-08-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved