Crash in Alpha Black Zero 1.04

• Previous message: xploitable: "Re: [Full-Disclosure] Yahoo! Spam Filter Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 29 Sep 2004 21:11:57 +0000
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.netsys.com, vuln@secunia.com

#######################################################################

                             Luigi Auriemma

Application: Alpha Black Zero: Intrepid Protocol
              http://www.playlogicgames.nl/abz/
Versions: <= 1.04
Platforms: Windows
Bug: crash
Risk: medium
Exploitation: remote, versus server
Date: 29 September 2004
Author: Luigi Auriemma
              e-mail: aluigi@altervista.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Alpha Black Zero (ABZ) is a third person strategic shooter developed by
Khaeon (http://www.khaeon.nl) and released in August 2004.

#######################################################################

======
2) Bug
======

Like any existent game, also ABZ supports a maximum nuber of players in
multiplayer mode.
The problem is that players are not limited by the server which crashs
if too much clients tries to join.
Then the possibility to emulate a join request with only one UDP packet
makes the bug very easy to exploit.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/abzboom.zip

#######################################################################

======
4) Fix
======

No fix.
The game is no longer supported.

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

• Previous message: xploitable: "Re: [Full-Disclosure] Yahoo! Spam Filter Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Crash in Alpha Black Zero 1.04 ... Application: Alpha Black Zero: Intrepid Protocol ... Bug ... Fix ... The problem is that players are not limited by the server which crashs ... (Bugtraq) Need for Speed Hot pursuit 2 <= 242 clients buffer overflow ... Bug ... Fix ... long string in the informations replied by the server. ... the clients automatically request informations to the ... (Bugtraq) [Full-disclosure] Format string bug in Skulltag 0.96f ... Bug ... Fix ... The server is affected by a format string vulnerability exploitable ... The exploitation happens "outside" the server so there are no banning ... (Full-Disclosure) Format string bug in Army Men RTS ... Bug ... Fix ... Army Men RTS is a real-time strategy game developed by Pandemic Studios ... The game server is affected by a format string bug in the name of the ... (Bugtraq) [Full-Disclosure] Crash in Lords of the Realm III 1.01 ... Exploitation: remote, versus server ... Bug ... Fix ... (Full-Disclosure)