lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041128154708.3382f7e6.aluigi@autistici.org>
Date: Sun, 28 Nov 2004 15:47:08 +0000
From: Luigi Auriemma <aluigi@...istici.org>
To: bugtraq@...urityfocus.com, bugs@...uritytracker.com, news@...uriteam.com,
   full-disclosure@...ts.netsys.com, vuln@...unia.com
Subject: Players overflow in Serious engine UDP (was Alpha Black Zero, 29
 Sep 2004)



#######################################################################

                             Luigi Auriemma

Application:  Serious engine
              http://www.seriousengine.com
Games:        all the games based on this engine and using the UDP
              protocol:
              - Alpha Black Zero
              - Nitro family
              - Serious Sam Second Encounter 1.07
Platforms:    Windows, Linux and Mac
Bug:          crash
Exploitation: remote, versus server
Date:         28 November 2004 (and 29 Sep 2004)
Author:       Luigi Auriemma
              e-mail: aluigi@...ervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


The Serious engine is a well known game engine developed by Croteam
(http://www.croteam.com) and used by some games.


#######################################################################

======
2) Bug
======


The bug affects the games based on the Serious engine using the UDP
protocol (those using TCP are immune).

The problem is that the server doesn't limit the amount of new players,
so it crashs when too much (fake) players try to join.

Is needed only one packet to create a fake player and the bug can be
exploited also versus servers protected by password "without" knowing
the keyword.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/fakep/ssfakep.zip


#######################################################################

======
4) Fix
======


No fix.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ