[Full-Disclosure] Crash in Lords of the Realm III 1.01

From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 09/19/04

    To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.netsys.com, vuln@secunia.com
    Date: Sun, 19 Sep 2004 21:52:54 +0000
    
    

    #######################################################################

                                 Luigi Auriemma

    Application: Lords of the Realm III
                  http://www.lords3.com
    Versions: <= 1.01
    Platforms: Windows
    Bug: crash
    Risk: low/medium
    Exploitation: remote, versus server
    Date: 19 September 2004
    Author: Luigi Auriemma
                  e-mail: aluigi@altervista.org
                  web: http://aluigi.altervista.org

    #######################################################################

    1) Introduction
    2) Bug
    3) The Code
    4) Fix

    #######################################################################

    ===============
    1) Introduction
    ===============

    Lords of the Realm III is a strategy game developed by Impressions
    Games (http://www.impressionsgames.com) and released in March 2004.

    #######################################################################

    ======
    2) Bug
    ======

    The problem lies in the handling of the length of the user's nickname:
    if the nickname is too long, the server will try to write to an
    unallocated zone of memory.

    The bug can be exploited only while the server is in the lobby stage
    (that is, while users can join it), because that is the only time it
    accepts connections.

    #######################################################################

    ===========
    3) The Code
    ===========

    http://aluigi.altervista.org/poc/lotr3boom.zip

    #######################################################################

    ======
    4) Fix
    ======

    No fix.
    There is no e-mail address for contacting the developers directly...

    #######################################################################

    ---
    Luigi Auriemma
    http://aluigi.altervista.org

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
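
The class of check that prevents a crash like the one described in section 2, as an added example that is not part of the original advisory and is not the game's code. The advisory does not publish the packet format or the faulty routine, so the layout (16-bit big-endian length followed by the nickname bytes), the 32-byte limit and every name below are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NICK_MAX 32  /* assumed limit; the advisory gives none */

struct player { char nick[NICK_MAX + 1]; };  /* +1 for the terminating NUL */

enum { JOIN_OK = 0, JOIN_TRUNCATED = -1, JOIN_NICK_TOO_LONG = -2, JOIN_BAD_NICK = -3 };

/* Parse a hypothetical join packet: [u16 big-endian nick_len][nick bytes].
 * All lengths are validated before any byte is written to out->nick. */
int parse_join(const uint8_t *pkt, size_t pkt_len, struct player *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return JOIN_TRUNCATED;

    size_t nick_len = ((size_t)pkt[0] << 8) | pkt[1];

    if (nick_len > pkt_len - 2)        /* claims more data than was received */
        return JOIN_TRUNCATED;
    if (nick_len > NICK_MAX)           /* would not fit in out->nick */
        return JOIN_NICK_TOO_LONG;
    if (nick_len == 0)
        return JOIN_BAD_NICK;

    for (size_t i = 0; i < nick_len; i++)   /* reject NUL and control bytes */
        if (pkt[2 + i] < 0x20 || pkt[2 + i] == 0x7f)
            return JOIN_BAD_NICK;

    memcpy(out->nick, pkt + 2, nick_len);
    out->nick[nick_len] = '\0';
    return JOIN_OK;
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    const uint8_t good[] = { 0x00, 0x05, 'A', 'l', 'i', 'c', 'e' };
    const uint8_t lying[] = { 0x01, 0x2c, 'A', 'B' };  /* claims 300 bytes */
    struct player p;

    printf("good  -> %d\n", parse_join(good, sizeof good, &p));
    printf("lying -> %d\n", parse_join(lying, sizeof lying, &p));
    return 0;
}
```

A server that rejects the join on any non-zero return and drops the connection never writes outside the fixed nickname buffer, whatever length the client claims.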

