Buffer-overflow and crash in Terminator 3: War of the Machines 1.16

From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 05/26/05

Next message: Luigi Auriemma: "Buffer-overflow in C'Nedra 0.4.0"

Previous message: Arne Vidström: "Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 26 May 2005 17:44:41 +0000
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.grok.org.uk, vuln@secunia.com, red@heisec.de

#######################################################################

Luigi Auriemma

Application: Terminator 3: War of the Machines
              http://www.atari.com/us/games/terminator_3_war/pc
Versions: <= 1.16
Platforms: Windows
Bugs: A] cd-key hash buffer-overflow
              B] big nickname access violation
Exploitation: remote, versus server
Date: 26 May 2005
Author: Luigi Auriemma
              e-mail: aluigi@autistici.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Terminator 3: War of the Machines is a multiplayer FPS game developed
by Clevers (http://www.clevers.com) and based on the homonym movie.
It has been published by Atari (http://www.atari.com) in December 2003.

#######################################################################

=======
2) Bugs
=======

------------------------------
A] cd-key hash buffer-overflow
------------------------------

The text field containing the client cd-key hash is the cause of a
buffer-overflow that affects the server.
Note: this is NOT the Gamespy cd-key SDK buffer-overflow.

--------------------------------
B] big nickname access violation
--------------------------------

If an attacker uses a too big nickname the server crashes for the
access to an arbitrary zone of the memory.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/t3wmbof.zip

#######################################################################

======
4) Fix
======

No fix.
The game is no longer supported.

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

Next message: Luigi Auriemma: "Buffer-overflow in C'Nedra 0.4.0"

Previous message: Arne Vidström: "Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-disclosure] Buffer-overflow and crash in FlatFrag 0.3
... Bugs ... Fix ... FlatFrag is an open source multiplayer tank game developed by Johannes ... When the server receives the NT_CONN_OK command from an unconnected ...
(Full-Disclosure)
Buffer-overflow and crash in FlatFrag 0.3
... Bugs ... Fix ... FlatFrag is an open source multiplayer tank game developed by Johannes ... When the server receives the NT_CONN_OK command from an unconnected ...
(Bugtraq)
Re: RPC Server unavailable
... > I've already ran both NetDiag of the DC and affected machines. ... >> Solution: Fix your DNS. ... >> DNS records and report any errors. ... >>> Server and or the communication between the server and the affected ...
(microsoft.public.win2000.general)
REPLY -- XP slowness logging into an AD domain
... the server. ... Between the above two items this should fix the issue. ... >machines log in instantly and the XP machines just hang ... >slowing up the logins considerably for XP machines. ...
(microsoft.public.windows.server.active_directory)
[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16
... Application: Terminator 3: War of the Machines ... Bugs ... Fix ... buffer-overflow that affects the server. ...
(Full-Disclosure)