Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the

from [Luigi Auriemma] Network Security [Permanent Link]
Subject: [Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16
Date: Thu, 26 May 2005 17:44:41 +0000 

#######################################################################

                             Luigi Auriemma

Application:  Terminator 3: War of the Machines
              http://www.atari.com/us/games/terminator_3_war/pc
Versions:     <= 1.16
Platforms:    Windows
Bugs:         A] cd-key hash buffer-overflow
              B] big nickname access violation
Exploitation: remote, versus server
Date:         26 May 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Terminator 3: War of the Machines is a multiplayer FPS game developed
by Clevers (http://www.clevers.com) and based on the homonym movie.
It has been published by Atari (http://www.atari.com) in December 2003.


#######################################################################

=======
2) Bugs
=======

------------------------------
A] cd-key hash buffer-overflow
------------------------------

The text field containing the client cd-key hash is the cause of a
buffer-overflow that affects the server.
Note: this is NOT the Gamespy cd-key SDK buffer-overflow.


--------------------------------
B] big nickname access violation
--------------------------------

If an attacker uses a too big nickname the server crashes for the
access to an arbitrary zone of the memory.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/t3wmbof.zip


#######################################################################

======
4) Fix
======


No fix.
The game is no longer supported.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16, Luigi Auriemma <=
Previous by Date:  [Full-disclosure] [USN-134-1] Firefox vulnerabilities, Martin Pitt
Next by Date:  [Full-disclosure] Buffer-overflow in C'Nedra 0.4.0, Luigi Auriemma
Previous by Thread:  [Full-disclosure] [USN-134-1] Firefox vulnerabilities, Martin Pitt
Next by Thread:  [Full-disclosure] Buffer-overflow in C'Nedra 0.4.0, Luigi Auriemma
Indexes:  [Date] [Thread] [Top] [All Lists]