Message-ID: <20050817201627.7bdf5377.aluigi@autistici.org>
Date: Wed Aug 17 19:17:33 2005
From: aluigi at autistici.org (Luigi Auriemma)
Subject: Buffer-overflow in Chris Moneymaker's World Poker
	Championship 1.0


#######################################################################

                             Luigi Auriemma

Application:  Chris Moneymaker's World Poker Championship
              http://moneymakergaming.com
Versions:     1.0
Platforms:    Windows
Bug:          buffer-overflow
Exploitation: remote, versus server
Date:         17 Aug 2005
Author:       Luigi Auriemma
              e-mail: aluigi@...istici.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Chris Moneymaker's World Poker Championship is a poker game developed
and published by Valusoft (http://www.valusoft.com) in April 2005.


#######################################################################

======
2) Bug
======


The game is affected by a buffer overflow in its use of sprintf() to
build the string "%s has joined the game." (where %s is replaced by the
nickname supplied by the client) in a destination buffer of 256 bytes.
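
Added example, not part of the original advisory and not the game's own code: the sprintf() pattern described above next to a bounded form that rejects an oversized nickname instead of truncating it. The function names and the MSG_BUF, JOIN_FMT and MAX_NICK macros are hypothetical; only the format string and the 256-byte size come from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define MSG_BUF  256                        /* destination size given in the advisory */
#define JOIN_FMT "%s has joined the game."  /* format string given in the advisory */

/* Longest nickname that fits: 256 - 1 (NUL) - 21 (fixed suffix) = 234 bytes. */
#define MAX_NICK (MSG_BUF - 1 - (sizeof(" has joined the game.") - 1))

/* Pattern described in the advisory (reconstructed, hypothetical name):
 * sprintf() has no bound, so a nickname longer than MAX_NICK bytes makes
 * the write run past the end of dst. */
void join_msg_unsafe(char dst[MSG_BUF], const char *nick)
{
    sprintf(dst, JOIN_FMT, nick);
}

/* Hardened form: bound the write and treat truncation as a rejected join.
 * Returns the message length on success, -1 if the nickname does not fit. */
int join_msg_checked(char dst[MSG_BUF], const char *nick)
{
    int n = snprintf(dst, MSG_BUF, JOIN_FMT, nick);
    if (n < 0 || (size_t)n >= MSG_BUF) {
        dst[0] = '\0';          /* never pass a half-built message onward */
        return -1;
    }
    return n;
}

int main(void)
{
    char msg[MSG_BUF];
    char nick[400];             /* constructed oversized nickname */

    memset(nick, 'A', sizeof(nick) - 1);
    nick[sizeof(nick) - 1] = '\0';
    printf("399-byte nick -> %d\n", join_msg_checked(msg, nick));

    nick[MAX_NICK] = '\0';      /* exactly the longest accepted length */
    printf("%zu-byte nick -> %d\n", (size_t)MAX_NICK, join_msg_checked(msg, nick));
    return 0;
}
```

Rejecting the join on truncation, rather than silently cutting the name, keeps the server's view of the nickname consistent with what the client sent.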


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/chmpokbof.zip


#######################################################################

======
4) Fix
======


The vendor has handled this security bug as a "normal" bug, so no patch
is planned.


#######################################################################


--- 
Luigi Auriemma 
http://aluigi.altervista.org 
