lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 24 May 2005 14:55:21 -0400
From: Joel Esler <eslerj@...il.com>
To: Luigi Auriemma <aluigi@...istici.org>
Cc: red@...sec.de, vuln@...unia.com, news@...uriteam.com,
	full-disclosure@...ts.grok.org.uk, bugs@...uritytracker.com,
	bugtraq@...urityfocus.com
Subject: Re: Endless loop in Halo 1.06


(I suppose that may have been a little funnier, had I spelled "BASIC" correctly.

Jeez...

On 5/24/05, Joel Esler <eslerj@...il.com> wrote:
> I heard you can create a loop by using "BASEIC" code by going into the
> menu running
> 
> 10 Click on "Settings"
> 20 Click on "Main Menu"
> 30 Click on "Settings"
> 40 Click on "Main Menu"
> 50 GOTO 10
> 
> 
> On 5/24/05, Luigi Auriemma <aluigi@...istici.org> wrote:
> >
> > #######################################################################
> >
> >                             Luigi Auriemma
> >
> > Application:  Halo: Combat Evolved
> >              http://www.microsoft.com/games/pc/halo.aspx
> > Versions:     <= 1.06 and Custom Edition 1.00
> > Platforms:    Windows
> > Bug:          endless loop
> > Exploitation: remote, versus server
> > Date:         24 May 2005
> > Author:       Luigi Auriemma
> >              e-mail: aluigi@...istici.org
> >              web:    http://aluigi.altervista.org
> >
> >
> > #######################################################################
> >
> >
> > 1) Introduction
> > 2) Bug
> > 3) The Code
> > 4) Fix
> >
> >
> > #######################################################################
> >
> > ===============
> > 1) Introduction
> > ===============
> >
> >
> > Halo is the great FPS game developed by Bungie Studios and ported on PC
> > by Gearbox Software (http://www.gearboxsoftware.com).
> > It is published by Microsoft Games (http://www.microsoft.com/games/)
> > and has been released at the end of 2003.
> >
> >
> > #######################################################################
> >
> > ======
> > 2) Bug
> > ======
> >
> >
> > The game is not able to handle the malformed data with the conseguence
> > of entering in an endless loop that continues to check the same data.
> > The effects are that the server freezes completely, so is no longer
> > able to handle packets, and the CPU goes to 100%.
> >
> >
> > #######################################################################
> >
> > ===========
> > 3) The Code
> > ===========
> >
> >
> > http://aluigi.altervista.org/poc/haloloop.zip
> >
> >
> > #######################################################################
> >
> > ======
> > 4) Fix
> > ======
> >
> >
> > The upcoming version 1.07 should be released in these days, the bug has
> > been reported to the developers exactly one month ago.
> >
> >
> > #######################################################################
> >
> >
> > ---
> > Luigi Auriemma
> > http://aluigi.altervista.org
> >
> >
> 
> 
> --
> Joel Esler
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> 


-- 
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists