SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Lords of the Realm III Vendors:   Sierra Entertainment, Inc.
Lords of the Realm III User Nickname Input Validation Error Lets Remote Users Crash the Game Server
SecurityTracker Alert ID:  1011361
SecurityTracker URL:  http://securitytracker.com/id/1011361
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 20 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.01 and prior versions
Description:   Luigi Auriemma reported a vulnerability in Lords of the Realm III. A remote user can cause the game service to crash.

It is reported that when the server is in the lobby stage, a remote user can supply a specially crafted (long) user nickname to cause the target game service to crash.

Some demonstration exploit code is available at:

http://aluigi.altervista.org/poc/lotr3boom.zip

Impact:   A remote user can cause the game service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.lords3.com/ (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Crash in Lords of the Realm III 1.01



#######################################################################

                             Luigi Auriemma

Application:  Lords of the Realm III
              http://www.lords3.com
Versions:     <= 1.01
Platforms:    Windows
Bug:          crash
Risk:         low/medium
Exploitation: remote, versus server
Date:         19 September 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Lords of the Realm III is a strategic game developed by Impressions
Games (http://www.impressionsgames.com) and released in March 2004.


#######################################################################

======
2) Bug
======


The problem is located in the length of the user's nickname, in fact if
it is too long the server will try to write to an unallocated zone of
the memory.

The bug can be exploited only when the server is in the lobby stage (so
when users can join it) because it is the only moment that it accepts
connections.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/lotr3boom.zip


#######################################################################

======
4) Fix
======


No fix.
Doesn't exist an e-mail address to directly contact the developers...


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC