| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051021182136.13693b43.aluigi@autistici.org> Date: Fri Oct 21 17:21:14 2005 From: aluigi at autistici.org (Luigi Auriemma) Subject: F.E.A.R. 1.01 likes lithsock F.E.A.R. (First Encounter Assault and Recon, http://www.whatisfear.com) is the recent FPS game developed by Monolith. I knew it was vulnerable from many months but I was really curious to see if the developers were so brave to leave this old "silent socket termination" bug unpatched not only in the retail game released in October but also in the 1.01 patch released just 4 days ago. The original advisory and proof-of-concept I released in the far December 2004 are available here: http://aluigi.altervista.org/adv/lithsock-adv.txt http://aluigi.altervista.org/poc/lithsock.zip --- Luigi Auriemma http://aluigi.altervista.org
Powered by blists - more mailing lists