SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Alpha Black Zero Vendors:   Playlogic International
Alpha Black Zero: Intrepid Protocol Game Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1011454
SecurityTracker URL:  http://securitytracker.com/id/1011454
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 29 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.04 and prior versions
Description:   Luigi Auriemma reported a vulnerability in the 'Alpha Black Zero: Intrepid Protocol' game software. A remote user can cause the game server to crash.

It is reported that a remote user can send UDP packets containing join requests to exceed the maximum number of players on the server, causing the target game service to crash.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/abzboom.zip

Impact:   A remote user can cause the target game service to crash.
Solution:   No solution was available at the time of this entry. The report indicates that the game software is no longer supported.
Vendor URL:  international.playlogicgames.com/games.php?game_name=abz (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Crash in Alpha Black Zero 1.04



#######################################################################

                             Luigi Auriemma

Application:  Alpha Black Zero: Intrepid Protocol
              http://www.playlogicgames.nl/abz/
Versions:     <= 1.04
Platforms:    Windows
Bug:          crash
Risk:         medium
Exploitation: remote, versus server
Date:         29 September 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Alpha Black Zero (ABZ) is a third person strategic shooter developed by
Khaeon (http://www.khaeon.nl) and released in August 2004.


#######################################################################

======
2) Bug
======


Like any existent game, also ABZ supports a maximum nuber of players in
multiplayer mode.
The problem is that players are not limited by the server which crashs
if too much clients tries to join.
Then the possibility to emulate a join request with only one UDP packet
makes the bug very easy to exploit.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/abzboom.zip


#######################################################################

======
4) Fix
======


No fix.
The game is no longer supported.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC