Endless loop in NetPanzer 0.8

• Previous message: ak_at_red-database-security.com: "Advisory: Oracle JDeveloper Plaintext Passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 13 Jul 2005 21:31:54 +0000
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.grok.org.uk, vuln@secunia.com

#######################################################################

                             Luigi Auriemma

Application: NetPanzer
              http://netpanzer.berlios.de
Versions: <= 0.8
Platforms: Windows, Linux and Mac
Bugs: endless loop
Exploitation: remote, versus server (and clients also if useless)
Date: 13 Jul 2005
Author: Luigi Auriemma
              e-mail: aluigi@autistici.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

NetPanzer is an open source multiplayer tactical game enough known and
played.

#######################################################################

======
2) Bug
======

The network code doesn't verify the correctness of the 16 bit number
containing the size of the entire data block received from the network.
If an attacker sends the number 0x0000 (the minimum should be 0x0002)
the game enters in an endless loop and nobody can play.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/panzone.zip

#######################################################################

======
4) Fix
======

The SVN version of the game has been fixed:

  http://developer.berlios.de/svn/?group_id=1250

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

• Previous message: ak_at_red-database-security.com: "Advisory: Oracle JDeveloper Plaintext Passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [Full-disclosure] Endless loop in NetPanzer 0.8 ... Application: NetPanzer ... Bug ... The network code doesn't verify the correctness of the 16 bit number ... the game enters in an endless loop and nobody can play. ... (Full-Disclosure) Re: Transgressing the Boundaries: Towards a Transformative Hermeneutics of Copyright and Patent Law? ... to pay a "Microsoft tax" just to use a given piece of ... and make a good game. ... [snip further badmouthing of Nehahra] ... Tried it twice in List view, and could not reproduce the bug. ... (comp.lang.java.programmer) Re: Cant take skilled talent? ... least playing an easier version of the game than everyone else has. ... mind changing or removing the patch if TB emailed me about it. ... -fixing skilled bug is good ... The patch simply stops the monsters from growing too powerful compared to the ... (rec.games.roguelike.adom) Re: Half-Life 3? ... of the porn spammer to utter "The Augury is good, ... If this game was buggy for me I'd pick another ... Avoiding a cutscene isn't a bug, it's a bonus, having a cutscene ... Stalker without any other problems. ... (comp.sys.ibm.pc.games.action) Re: 7DRLPC Thread - Reviews, YAVPs, Bug Reports ... To gain 7DRLPC points, post your reviews, YAVPs, and bug reports here. ... ....Peace was enjoyed by all on your planet, ... In the game you ... Another nice thing would be allowing allying with other aliens and ... (rec.games.roguelike.misc)