[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16

• Previous message: Martin Pitt: "[Full-disclosure] [USN-134-1] Firefox vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 26 May 2005 17:44:41 +0000
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.grok.org.uk, vuln@secunia.com, red@heisec.de

#######################################################################

                             Luigi Auriemma

Application: Terminator 3: War of the Machines
              http://www.atari.com/us/games/terminator_3_war/pc
Versions: <= 1.16
Platforms: Windows
Bugs: A] cd-key hash buffer-overflow
              B] big nickname access violation
Exploitation: remote, versus server
Date: 26 May 2005
Author: Luigi Auriemma
              e-mail: aluigi@autistici.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Terminator 3: War of the Machines is a multiplayer FPS game developed
by Clevers (http://www.clevers.com) and based on the homonym movie.
It has been published by Atari (http://www.atari.com) in December 2003.

#######################################################################

=======
2) Bugs
=======

------------------------------
A] cd-key hash buffer-overflow
------------------------------

The text field containing the client cd-key hash is the cause of a
buffer-overflow that affects the server.
Note: this is NOT the Gamespy cd-key SDK buffer-overflow.

--------------------------------
B] big nickname access violation
--------------------------------

If an attacker uses a too big nickname the server crashes for the
access to an arbitrary zone of the memory.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/t3wmbof.zip

#######################################################################

======
4) Fix
======

No fix.
The game is no longer supported.

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Previous message: Martin Pitt: "[Full-disclosure] [USN-134-1] Firefox vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [Full-disclosure] Buffer-overflow and crash in FlatFrag 0.3 ... Bugs ... Fix ... FlatFrag is an open source multiplayer tank game developed by Johannes ... When the server receives the NT_CONN_OK command from an unconnected ... (Full-Disclosure) Buffer-overflow and crash in FlatFrag 0.3 ... Bugs ... Fix ... FlatFrag is an open source multiplayer tank game developed by Johannes ... When the server receives the NT_CONN_OK command from an unconnected ... (Bugtraq) Re: RPC Server unavailable ... > I've already ran both NetDiag of the DC and affected machines. ... >> Solution: Fix your DNS. ... >> DNS records and report any errors. ... >>> Server and or the communication between the server and the affected ... (microsoft.public.win2000.general) REPLY -- XP slowness logging into an AD domain ... the server. ... Between the above two items this should fix the issue. ... >machines log in instantly and the XP machines just hang ... >slowing up the logins considerably for XP machines. ... (microsoft.public.windows.server.active_directory) Buffer-overflow and crash in Terminator 3: War of the Machines 1.16 ... Application: Terminator 3: War of the Machines ... Bugs ... Fix ... buffer-overflow that affects the server. ... (Bugtraq)