
Broadcast forced exit in Ground Control II 1.0.0.7

Subject: Broadcast forced exit in Ground Control II 1.0.0.7
Date: Thu, 26 Aug 2004 19:21:00 +0000

#######################################################################

                             Luigi Auriemma

Application:  Ground Control II: Operation Exodus
              http://www.groundcontrol2.com
Versions:     <= 1.0.0.7
Platforms:    Windows
Bug:          forced exit (DoS)
Risk:         high
Exploitation: remote, versus servers and clients (broadcast)
Date:         26 August 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Ground Control II is a futuristic strategy game developed by Massive
Entertainment (http://www.massive.se) and released in June 2004.


#######################################################################

======
2) Bug
======


The problem is very simple: the game automatically exits if it receives
a packet bigger than the max supported size (usually 512 bytes) because
some instructions check for the socket error "Message too long" and
consider it critical.

Both servers and clients are vulnerable, and the major problem is for
clients, because a single malicious server is able to automatically
(or also directly) crash any client in the world so nobody can play
online.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/gc2boom.zip


#######################################################################

======
4) Fix
======


The official online Massive Entertainment servers have been fixed but
no official patch has been released yet.

The bug is very easy to fix so I have created an unofficial patch for
the dedicated server 1.0.0.7 and the demo 0.0.8.1 (the retail game uses
CD protections so I don't support it):

  http://aluigi.altervista.org/patches/gc2ds-1007-fix.zip
  http://aluigi.altervista.org/patches/gc2-demo0081-fix.zip


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
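
The non-fatal handling that section 2 implies, as an added example (not code from the advisory, the game or the unofficial patch): a datagram larger than the receive buffer is dropped and the loop keeps running. It uses POSIX sockets, where truncation is reported through MSG_TRUNC; Winsock reports the same condition as the error WSAEMSGSIZE. The names rx_datagram, rx_status and demo_survives_oversized, and the socketpair traffic, are constructed for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_PACKET 512  /* max supported packet size named in the advisory */

enum rx_status { RX_OK, RX_DROPPED, RX_RETRY, RX_FATAL };

/* Receive one datagram into buf (MAX_PACKET bytes). An oversized datagram is
   discarded and reported as RX_DROPPED; it never reaches the fatal path. */
enum rx_status rx_datagram(int fd, unsigned char *buf, size_t *len)
{
    struct iovec iov = { .iov_base = buf, .iov_len = MAX_PACKET };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    ssize_t n = recvmsg(fd, &msg, 0);
    *len = 0;
    if (n < 0) {
        if (errno == EMSGSIZE) return RX_DROPPED;          /* "Message too long" */
        if (errno == EINTR || errno == EAGAIN) return RX_RETRY;
        return RX_FATAL;                                   /* genuine socket failure */
    }
    if (msg.msg_flags & MSG_TRUNC) return RX_DROPPED;      /* POSIX truncation flag */
    *len = (size_t)n;
    return RX_OK;
}

/* Constructed traffic on a local socketpair: one oversized datagram, then a
   valid one. Returns 1 if the receiver survives and delivers "ping". */
int demo_survives_oversized(void)
{
    int sv[2];
    unsigned char big[MAX_PACKET * 2], buf[MAX_PACKET];
    size_t len;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    memset(big, 'A', sizeof big);
    send(sv[0], big, sizeof big, 0);
    send(sv[0], "ping", 4, 0);
    enum rx_status first = rx_datagram(sv[1], buf, &len);
    enum rx_status second = rx_datagram(sv[1], buf, &len);
    int ok = first == RX_DROPPED && second == RX_OK &&
             len == 4 && memcmp(buf, "ping", 4) == 0;
    close(sv[0]); close(sv[1]);
    return ok;
}

int main(void) { return demo_survives_oversized() == 1 ? 0 : 1; }
```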
