lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: the.soylent at gmail.com (the.soylent)
Subject: sacred (pcgame) server flaw

Program: Sacred (pc game)
http://sacred-game.com
type: simple DoS, no client-auth
affected version: <1.0.6.2

note:
-fixed in later versions (>1.0.7.0) (dated:31.08.2004)
-this security-lag exits for nearly half a year. although ascaron was 
informed at the date of release (02.03.2004), nothing happens long time.

"exploit"-scenario:
Use telnet client to connect to game-port, u will see that a valid(!) 
user connects.
16 times, and server will not accept any more connections (from valid 
users for example).
after "fake-clients" get a timeout, only one of them gets kicked.

example: http://forum.sacred-game.com/attachment.php?attachmentid=1209 
(nothing special)


greetz soylent

---------------------------
stop that "Why is IRC still around?" -crap !!!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ