SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   The Rage Vendors:   FluidGames
The Rage Game Service Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1009540
SecurityTracker URL:  http://securitytracker.com/id/1009540
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 24 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.01 and prior versions
Description:   Luigi Auriemma reported a vulnerability in 'The Rage' game. A remote user can cause the target game service to crash.

It is reported that a remote user can send a specially crafted packet to the target service, with a port number and IP address value of zero, to cause the server to enter an infinite loop.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/ragefreeze.zip

Impact:   A remote user can cause the game service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.therageonline.com/ (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Server freeze in The Rage 1.01



#######################################################################

                             Luigi Auriemma

Application:  The Rage
              http://www.therageonline.com
Versions:     <= 1.01
Platforms:    Windows
Bug:          server freeze
Risk:         low
Exploitation: remote, versus server
Date:         23 Mar 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


The Rage is an old school beat'em up game developed by the italians
Fluidgames (http://www.fluidgames.net).


#######################################################################

======
2) Bug
======


The packet used by the client to join the match hosted on the server
contains a sockaddr_in structure inside the data that (naturally) is
composed by the AF_INET family, the source port and the IP address of
the client.

This structure is used by the server to send the next packets to the
client but if an attacker fill it with a port and an IP equal to zero
the server will enter in an infinite loop (from offset 0043525b to
0043527f of the decrypted executable) that completely freezes it.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/ragefreeze.zip


#######################################################################

======
4) Fix
======


The game is no longer supported.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC