ID CVE-2007-4370
Summary Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
References
Vulnerable Configurations
  • cpe:2.3:a:racer:racer:0.5.3
    cpe:2.3:a:racer:racer:0.5.3
CVSS
Base: 7.5 (as of 16-08-2007 - 04:39)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Racer v0.5.3 beta 5 Remote Buffer Overflow Exploit. CVE-2007-4370. Remote exploit for windows platform
    file exploits/windows/remote/4283.pl
    id EDB-ID:4283
    last seen 2016-01-31
    modified 2007-08-13
    platform windows
    port 26000
    published 2007-08-13
    reporter n00b
    source https://www.exploit-db.com/download/4283/
    title Racer 0.5.3 beta 5 - Remote Buffer Overflow Exploit
    type remote
  • description Racer 0.5.3b5 Remote Stack Buffer Overflow Exploit. CVE-2007-4370. Remote exploit for windows platform
    id EDB-ID:8253
    last seen 2016-02-01
    modified 2009-03-20
    published 2009-03-20
    reporter fl0 fl0w
    source https://www.exploit-db.com/download/8253/
    title Racer 0.5.3b5 - Remote Stack Buffer Overflow Exploit
  • description Racer v0.5.3 beta 5 Buffer Overflow. CVE-2007-4370. Remote exploit for windows platform
    id EDB-ID:16694
    last seen 2016-02-02
    modified 2010-09-20
    published 2010-09-20
    reporter metasploit
    source https://www.exploit-db.com/download/16694/
    title Racer 0.5.3 beta 5 - Buffer Overflow
metasploit via4
description This module exploits the Racer Car and Racing Simulator game versions v0.5.3 beta 5 and earlier. Both the client and server listen on UDP port 26000. By sending an overly long buffer we are able to execute arbitrary code remotely.
id MSF:EXPLOIT/WINDOWS/GAMES/RACER_503BETA5
last seen 2019-03-25
modified 2017-11-08
published 2009-05-03
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/games/racer_503beta5.rb
title Racer v0.5.3 Beta 5 Buffer Overflow
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201412-09.NASL
description The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM2 GnuCash xine-lib Last.fm Scrobbler WebKitGTK+ shadow tool suite PEAR unixODBC Resource Agents mrouted rsync XML Security Library xrdb Vino OProfile syslog-ng sFlow Toolkit GNOME Display Manager libsoup CA Certificates Gitolite QtCreator Racer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
last seen 2019-02-21
modified 2017-04-15
plugin id 79962
published 2014-12-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=79962
title GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
packetstorm via4
data source https://packetstormsecurity.com/files/download/83103/racer_503beta5.rb.txt
id PACKETSTORM:83103
last seen 2016-12-05
published 2009-11-26
reporter Trancek
source https://packetstormsecurity.com/files/83103/Racer-v0.5.3-beta-5-Buffer-Overflow.html
title Racer v0.5.3 beta 5 Buffer Overflow
refmap via4
bid 25297
exploit-db 4283
osvdb 39601
xf racer-message-bo(35991)
Last major update 15-11-2008 - 01:56
Published 15-08-2007 - 19:17
Last modified 28-09-2017 - 21:29
Back to Top