SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Judge Dredd Vendors:   Rebellion
Judge Dredd: Dredd vs. Death Format String Flaw Lets Remote Users Crash the Server
SecurityTracker Alert ID:  1011508
SecurityTracker URL:  http://securitytracker.com/id/1011508
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 2 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.01 and prior versions
Description:   Luigi Auriemma reported a format string vulnerability in the 'Judge Dredd: Dredd vs. Death' game software. A remote user can cause the target game service to crash.

It is reported that a remote authenticated user can send a specially crafted chat message to trigger the format string vulnerability and cause the target game service to crash. A demonstration exploit example is provided:

%n%n%n%n%n

The vendor has been notified without response.

Impact:   A remote user can cause the target game service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.rebellion.co.uk/ (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  In-game format string in Judge Dredd vs. Death 1.01



#######################################################################

                             Luigi Auriemma

Application:  Judge Dredd: Dredd vs. Death
              http://www.dreddvsdeath.com
Versions:     <= 1.01
Platforms:    Windows
Bug:          format string
Exploitation: remote, versus server (in-game)
Date:         02 October 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Dredd vs Death is a cool FPS game based on the homonym comic strip.
The game has been developed by Rebellion (http://www.rebellion.co.uk)
and has been released in October 2003.


#######################################################################

======
2) Bug
======


The problem is a format string bug in the handling of the messages
received from clients like "player connected", chat messages and so on.

Like any in-game bug, the attacker must have access to the match (so if
the server is protected by password, he must know it).


#######################################################################

===========
3) The Code
===========


Launch a client and a server, go on the client side, join the server
and send the following chat message (by default pressing the 'T' key):

  %n%n%n%n%n

The server will crash immediately.

You can do the same check running only the server and sending the chat
message from the same computer.


#######################################################################

======
4) Fix
======


No fix.
Developers have not replied to my mails.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC