Server crash in Breed patch #1

From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 01/13/05

Next message: customer service mailbox: "iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability"

Previous message: customer service mailbox: "iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 13 Jan 2005 21:16:25 +0000
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.netsys.com, vuln@secunia.com

#######################################################################

Luigi Auriemma

Application: Breed
              http://www.brat-designs.com/breed.html
Versions: <= patch #1
Platforms: Windows
Bug: access to NULL pointer
Exploitation: remote, versus server
Date: 13 Jan 2005
Author: Luigi Auriemma
              e-mail: aluigi@autistici.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Breed is a game developed by Brat Designs (http://www.brat-designs.com)
using their Mercury engine.
It has been released in February 2004.

#######################################################################

======
2) Bug
======

The game server can be easily crashed through the sending of an empty
UDP packet.
In fact if the packet size is equal to zero, the game passes a NULL
pointer to the function used to parse the packet's content.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/breedzero.zip

#######################################################################

======
4) Fix
======

No fix.
No reply from the vendor.

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

Next message: customer service mailbox: "iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability"

Previous message: customer service mailbox: "iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-disclosure] Multiple vulnerabilities in Yager 5.24
... remote, versus server and clients ... Fix ... Yager is a futuristic air combat game developed by Yager Development ... The game is affected by a buffer-overflow in the nickname field (ID ...
(Full-Disclosure)
Multiple vulnerabilities in Yager 5.24
... remote, versus server and clients ... Fix ... Yager is a futuristic air combat game developed by Yager Development ... The game is affected by a buffer-overflow in the nickname field (ID ...
(Bugtraq)
Need for Speed Hot pursuit 2 <= 242 clients buffer overflow
... Bug ... Fix ... long string in the informations replied by the server. ... the clients automatically request informations to the ...
(Bugtraq)
Remote server crash in Team Factor <= 1.25
... Bug ... Fix ... game will read unallocated memory instruction) and will ... The following are the instructions that cause the crash in the Win32 ...
(Bugtraq)
[Full-disclosure] Format string bug in Skulltag 0.96f
... Bug ... Fix ... The server is affected by a format string vulnerability exploitable ... The exploitation happens "outside" the server so there are no banning ...
(Full-Disclosure)