Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Heap overflow in Skulltag 0.97d-beta4.1

from [Luigi Auriemma] Network Security [Permanent Link]
Subject: [Full-disclosure] Heap overflow in Skulltag 0.97d-beta4.1
Date: Fri, 24 Aug 2007 01:19:47 +0200 

#######################################################################

                             Luigi Auriemma

Application:  Skulltag
              http://www.skulltag.com
Versions:     <= 0.97d-beta4.1
Platforms:    Windows and Linux
Bug:          heap-overflow
Exploitation: remote, versus server
Date:         23 Aug 2007
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Skulltag is a well known and played Doom engine mainly based on Zdoom
(but not open source as it) and focused on online gaming.


#######################################################################

======
2) Bug
======


The game is vulnerable to a heap overflow located in the function which
performs the huffman decompression of the incoming packets, allowing
possible malicious code execution through a single UDP packet.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/skulltaghof.zip


#######################################################################

======
4) Fix
======


No fix.
Developers have not been contacted since one year ago the format string
vulnerability I reported to them was handled as a normal bug and the
patch was released some months after my advisory.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org
http://mirror.aluigi.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Heap overflow in Skulltag 0.97d-beta4.1, Luigi Auriemma <=
Previous by Date:  [Full-disclosure] FLEA-2007-0048-1 xterm, Foresight Linux Essential Announcement Service
Next by Date:  [Full-disclosure] Multiple denial of service in Soldat 1.4.2/2.6.2, Luigi Auriemma
Previous by Thread:  [Full-disclosure] FLEA-2007-0048-1 xterm, Foresight Linux Essential Announcement Service
Next by Thread:  [Full-disclosure] Multiple denial of service in Soldat 1.4.2/2.6.2, Luigi Auriemma
Indexes:  [Date] [Thread] [Top] [All Lists]