Message-ID: <003201c34a18$d7db4d50$0201a8c0@dell>
Date: Mon, 14 Jul 2003 11:01:37 -0400
From: "st0ic" <st0ic@...x.net>
To: <bugtraq@...urityfocus.com>
Subject: StarSiege: Tribes DoS

Advisory Name: "Starsiege: Tribes" DoS
Release Date: 07/14/2003
Discovered: 06/09/2003
Application: Tribes.exe
Platform: PC with Windows 2k; others not tested
Severity: High
Discovery: JadaCyruS <jadacyrus@...x.net>
Author: st0ic <st0ic@...x.net>
Vendor: Sierra Entertainment - http://www.sierra.com/

Overview:
     Sierra's "StarSiege: Tribes" game is vulnerable to a DoS (Denial of
Service) attack when running.

Technical Overview:
     This vulnerability is exploited by sending a malformed UDP
(User-Datagram Protocol) packet containing 255 arbitrary characters to the
affected host on the game port (usually 28001) causing the host server to
crash. If the server is running with help from InfiniteSpawn.exe, a program
provided by the vendor that re-spawns the server when terminated, the server
will be re-activated, but all previous game play and players are lost and
disconnected.

Fix:
     Contacted Sierra over a month ago and we were "forwarded to their
database admin" from which we received no further feedback. So, no vendor
fix available.

Exploit:
     Attached PHP and C source code files.

Notes:
     Tribes 2 (PC) and Tribes Aerial Assault (PlayStation 2) are untested as
no one at Fsix owns a copy of them. Let's hope they're not vuln.

-st0ic
[http://www.fsix.net/]

Download attachment "byebye_tribes.zip" of type "application/x-zip-compressed" (11740 bytes)

Download attachment "byebye_tribes.phps" of type "application/octet-stream" (772 bytes)
