SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Ground Control II Vendors:   Massive Entertainment
Ground Control II Can Be Crashed By Remote Users Sending a Large Packet
SecurityTracker Alert ID:  1011075
SecurityTracker URL:  http://securitytracker.com/id/1011075
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 26 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.0.0.7 and prior versions
Description:   Luigi Auriemma reported a vulnerability in the Ground Control II: Operation Exodus game software. A remote user can cause the game to exit.

It is reported that a remote user can send a packet that is larger than the maximum supported size (usually 512 bytes) to the target server or client to cause the application to crash.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/gc2boom.zip

Impact:   A remote user can cause the client or the server to exit.
Solution:   No solution was available at the time of this entry.

The author of the report has provided an unofficial patch for the dedicated server 1.0.0.7 and the demo 0.0.8.1:

http://aluigi.altervista.org/patches/gc2ds-1007-fix.zip
http://aluigi.altervista.org/patches/gc2-demo0081-fix.zip

Vendor URL:  www.groundcontrol2.com/ (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Broadcast forced exit in Ground Control II 1.0.0.7



#######################################################################

                             Luigi Auriemma

Application:  Ground Control II: Operation Exodus
              http://www.groundcontrol2.com
Versions:     <= 1.0.0.7
Platforms:    Windows
Bug:          forced exit (DoS)
Risk:         high
Exploitation: remote, versus servers and clients (broadcast)
Date:         26 August 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Ground Control II is a futuristic strategy game developed by Massive
Entertainment (http://www.massive.se) and released in June 2004.


#######################################################################

======
2) Bug
======


The problem is very simple, the game automatically exits if it receives
a packet bigger than the max supported size (usually 512 bytes) because
some instructions check for the socket error "Message too long" and
consider it critical.

Both servers and clients are vulnerables and the major problem is just
for clients because a single malicious server is able to automatically
(or also directly) crash any client in the world so nobody can play
online.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/gc2boom.zip


#######################################################################

======
4) Fix
======


The official online Massive Entertainment servers have been fixed but
no official patch has been released yet.

The bug is very easy to fix so I have created an unofficial patch for
the dedicated server 1.0.0.7 and the demo 0.0.8.1 (the retail game uses
CD protections so I don't support it):

  http://aluigi.altervista.org/patches/gc2ds-1007-fix.zip
  http://aluigi.altervista.org/patches/gc2-demo0081-fix.zip


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC