Remote server crash in Haegemonia <= 1.07

From: Luigi Auriemma (aluigi_at_altervista.org)
Date: 02/24/04

Next message: Rafel Ivgi, The-Insider: "FlexWATCH-Webs 2.2 (NTSC) Authorization Bypass"

Previous message: Mandrake Linux Security Team: "MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 24 Feb 2004 18:57:53 +0000
To: bugtraq@securityfocus.com

#######################################################################

Luigi Auriemma

Application: Haegemonia
              http://www.haegemonia.com
Versions: <= 1.07
Platforms: Windows
Bug: reading of unallocated memory (crash)
Risk: high
Exploitation: remote, versus server
Date: 24 Feb 2004
Author: Luigi Auriemma
              e-mail: aluigi@altervista.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Haegemonia is a strategic space combat game developed by Digital
Reality (http://www.digitalreality.hu) released in the 2002.
This game has excellent ambient musics but its network protocol seems a
bit bugged...

#######################################################################

======
2) Bug
======

The bug is a classical reading of unallocated memory caused by the
sending of a packet containing a chat message with a too big 32bit
number identifying the length of the message.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/hgmcrash.zip

#######################################################################

======
4) Fix
======

No fix.
Developers have not replied to my mails.

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

Next message: Rafel Ivgi, The-Insider: "FlexWATCH-Webs 2.2 (NTSC) Authorization Bypass"

Previous message: Mandrake Linux Security Team: "MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Un] Unangband 0.6.3 released
... Allow player to assemble friendly monsters and carry eggs to hatch ... Updated druidic spells to use new region code. ... Fix lockup bugs generating the Old Forest. ... Fix bug where items dropped by monster death would infinitely ...
(rec.games.roguelike.announce)
please pull from the trivial tree
... Fix spelling in E1000_DISABLE_PACKET_SPLIT Kconfig description ... +- Finding patch that caused a bug ... +Always try the latest kernel from kernel.org and build from source. ... Length of input string in bytes ...
(Linux-Kernel)
Subterrane v0.194 Alpha Released
... system, a character sheet, a ton of new spells, new monsters, item ... Added a character sheet that displays your character's ... Fix: Fixed a bug in the encumbrance calculation and status display ...
(rec.games.roguelike.announce)
Re: Larkin, Power BASIC cannot be THAT good:
... If they did not produce a product with *adequate* quality then customers would not buy it and the company would not make a profit. ... it is to change a product in the field, and Y axis is bug density. ... but when the in service fix is almost free to the supplier then they will exploit that to their advantage. ... On-screen programming is pretty much type and ignite and see what ...
(sci.electronics.design)
Unangband 0.6.2-wip7a has been released
... This release is mostly a bug fix revision to wip7, however, I was able ... You can now use the run command to 'step' into an adjacent monster, ... The player only suffers a monster disease if the monster disease ... Fix up some animal speech sayings. ...
(rec.games.roguelike.announce)