[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16
From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 05/26/05
- Previous message: Martin Pitt: "[Full-disclosure] [USN-134-1] Firefox vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 May 2005 17:44:41 +0000 To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.grok.org.uk, vuln@secunia.com, red@heisec.de
#######################################################################
Luigi Auriemma
Application: Terminator 3: War of the Machines
http://www.atari.com/us/games/terminator_3_war/pc
Versions: <= 1.16
Platforms: Windows
Bugs: A] cd-key hash buffer-overflow
B] big nickname access violation
Exploitation: remote, versus server
Date: 26 May 2005
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: http://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bugs
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Terminator 3: War of the Machines is a multiplayer FPS game developed
by Clevers (http://www.clevers.com) and based on the homonym movie.
It has been published by Atari (http://www.atari.com) in December 2003.
#######################################################################
=======
2) Bugs
=======
------------------------------
A] cd-key hash buffer-overflow
------------------------------
The text field containing the client cd-key hash is the cause of a
buffer-overflow that affects the server.
Note: this is NOT the Gamespy cd-key SDK buffer-overflow.
--------------------------------
B] big nickname access violation
--------------------------------
If an attacker uses a too big nickname the server crashes for the
access to an arbitrary zone of the memory.
#######################################################################
===========
3) The Code
===========
http://aluigi.altervista.org/poc/t3wmbof.zip
#######################################################################
======
4) Fix
======
No fix.
The game is no longer supported.
#######################################################################
---
Luigi Auriemma
http://aluigi.altervista.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Martin Pitt: "[Full-disclosure] [USN-134-1] Firefox vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
