Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Server termination in Scrapland 1.0

from [Luigi Auriemma] Network Security [Permanent Link]
Subject: [Full-Disclosure] Server termination in Scrapland 1.0
Date: Mon, 28 Feb 2005 18:44:29 +0000 

#######################################################################

                             Luigi Auriemma

Application:  Scrapland
              http://www.scrapland.com
Versions:     <= 1.0
Platforms:    Windows
Bug:          server termination
Exploitation: remote, versus server (partially in-game)
Date:         28 Feb 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Scrapland is the known game developed by MercurySteam Entertainment
(http://www.mercurysteam.com) with the creative support of American
McGee (http://www.americanmcgee.com).
The game has been released at the beginning of 2005.


#######################################################################

======
2) Bug
======


The main problem of the game is that the server terminates after any
error instead of simply showing the error message in the game console
and continuing its work.

This situation lets an attacker to easily crash a Scrapland game server
in many ways, some of them are:

- size>SSize: the game uses 8 bits numbers to specify the size of the
  text strings inside the packets. These 8 bits numbers are handled as
  signed integers so any value bigger than 127 causes the server error.

- unexistent model: if the client uses a model (like engine, pilot or
  player) not available on the server, this one will terminate saying
  that the model specified by the client has not been found.

- newpos<=size: another type of error.

- access violation caused by the reception of two partial packets.

If the server is full, is not possible to terminate it.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/scrapboom.zip


#######################################################################

======
4) Fix
======


No fix.
No reply from the developers.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Server termination in Scrapland 1.0, Luigi Auriemma <=
Previous by Date:  iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability, iDEFENSE Labs
Next by Date:  [Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage, Hat-Squad Security Team
Previous by Thread:  iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability, iDEFENSE Labs
Next by Thread:  [Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage, Hat-Squad Security Team
Indexes:  [Date] [Thread] [Top] [All Lists]