lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000a01c4cb3f$c46ea420$0700a8c0@pchome>
From: manowar at dnt.ro (Manowar)
Subject: Re: Format string bug in Army Men RTS

i don't suppose you noticed 3do has been gone from the gaming scene for 
years, did you?
should we expect any buffer overflow in wolf3d/spear of destiny any time 
soon?
have a nice day.

----- Original Message ----- 
From: "Luigi Auriemma" <aluigi@...istici.org>
To: <bugtraq@...urityfocus.com>; <bugs@...uritytracker.com>; 
<news@...uriteam.com>; <full-disclosure@...ts.netsys.com>; 
<vuln@...unia.com>
Sent: Sunday, November 14, 2004 10:44 PM
Subject: Format string bug in Army Men RTS


>
> #######################################################################
>
>                             Luigi Auriemma
>
> Application:  Army Men RTS
>              http://www.3do.com/armymen/armymen/
> Versions:     1.0
> Platforms:    Windows
> Bug:          format string
> Exploitation: remote, versus server
> Date:         14 November 2004
> Author:       Luigi Auriemma
>              e-mail: aluigi@...ervista.org
>              web:    http://aluigi.altervista.org
>
>
> #######################################################################
>
>
> 1) Introduction
> 2) Bug
> 3) The Code
> 4) Fix
>
>
> #######################################################################
>
> ===============
> 1) Introduction
> ===============
>
>
> Army Men RTS is a real-time strategy game developed by Pandemic Studios
> (http://www.pandemicstudios.com) and released in March 2002.
>
>
> #######################################################################
>
> ======
> 2) Bug
> ======
>
>
> The game server is affected by a format string bug in the name of the
> player that joins in it.
>
>
> #######################################################################
>
> ===========
> 3) The Code
> ===========
>
>
> Join a server using the nickname %n%n%n, it will crash immediately.
>
>
> #######################################################################
>
> ======
> 4) Fix
> ======
>
>
> No fix.
> The game is no longer supported.
>
>
> #######################################################################
>
>
> --- 
> Luigi Auriemma
> http://aluigi.altervista.org
>
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ