SecurityTracker.com Archives - Halo: Combat Evolved Processing Error Lets Remote Users Deny Service

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Game) > Halo

Vendors: Microsoft

Halo: Combat Evolved Processing Error Lets Remote Users Deny Service

SecurityTracker Alert ID: 1014067

SecurityTracker URL: http://securitytracker.com/id?1014067

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: May 27 2005

Impact: Denial of service via network

Exploit Included: Yes

Version(s): 1.06 and prior versions

Description: Luigi Auriemma reported a vulnerability in Halo: Combat Evolved. A remote user can cause the target game service to enter an endless loop.

A remote user can send specially crafted data to the target game service to cause the game service to become unavailable and consume all available CPU resources.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/haloloop.zip

The vendor was notified on April 24, 2005.

Impact: A remote user can cause the target game server to become unavailable and consume all available CPU resources.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/games/pc/halo.aspx (Links to External Site)

Cause: Input validation error, State error

Underlying OS: Windows (Any)

Reported By: Luigi Auriemma <aluigi@autistici.org>

Message History: None.

Source Message Contents

Date: Tue, 24 May 2005 18:00:30 +0000
From: Luigi Auriemma <aluigi@autistici.org>
Subject: Endless loop in Halo 1.06

 
 
 
#######################################################################
 
                             Luigi Auriemma
 
Application:  Halo: Combat Evolved
              http://www.microsoft.com/games/pc/halo.aspx
Versions:     <= 1.06 and Custom Edition 1.00
Platforms:    Windows
Bug:          endless loop
Exploitation: remote, versus server
Date:         24 May 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org
 
 
#######################################################################
 
 
1) Introduction
2) Bug
3) The Code
4) Fix
 
 
#######################################################################
 
===============
1) Introduction
===============
 
 
Halo is the great FPS game developed by Bungie Studios and ported on PC
by Gearbox Software (http://www.gearboxsoftware.com).
It is published by Microsoft Games (http://www.microsoft.com/games/)
and has been released at the end of 2003.
 
 
#######################################################################
 
======
2) Bug
======
 
 
The game is not able to handle the malformed data with the conseguence
of entering in an endless loop that continues to check the same data.
The effects are that the server freezes completely, so is no longer
able to handle packets, and the CPU goes to 100%.
 
 
#######################################################################
 
===========
3) The Code
===========
 
 
http://aluigi.altervista.org/poc/haloloop.zip
 
 
#######################################################################
 
======
4) Fix
======
 
 
The upcoming version 1.07 should be released in these days, the bug has
been reported to the developers exactly one month ago.
 
 
#######################################################################
 
 
--- 
Luigi Auriemma
http://aluigi.altervista.org

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2005, SecurityGlobal.net LLC