SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Master of Orion 3 Vendors:   Quicksilver Software
Master of Orion 3 Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1011966
SecurityTracker URL:  http://securitytracker.com/id/1011966
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 27 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.2.5
Description:   Luigi Auriemma reported a vulnerability in Master of Orion 3. A remote user can cause the game service to crash.

It is reported that a remote user can specify a large data block size to cuase the game to crash.

It is also reported that a remote user can make multiple consecutive connections using large nickname strings to cause the game to crash.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/moo3boom.zip

Impact:   A remote user can cause the game to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.quicksilver.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Crashs in Master of Orion III 1.2.5



#######################################################################

                             Luigi Auriemma

Application:  Master of Orion III
              http://moo3.quicksilver.com
Versions:     <= 1.2.5
Platforms:    Windows and MacOS
Bugs:         - allocation error
              - big nicknames crash
Exploitation: remote, versus server
Date:         27 October 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Master of Orion III is a spatial strategy game developed by Quicksilver
(http://www.quicksilver.com) and released in February 2003.


#######################################################################

=======
2) Bugs
=======


-------------------
A] allocation error
-------------------

Each data block exchanged between clients and server is preceded by a
32 bits number used to specify its size.
This amount of data is automatically allocated by the game and if it is
too big, and so unallocable, the game automatically exits.


----------------------
B] big nicknames crash
----------------------

The game uses some anti buffer-overflow protections but if an attacker
makes multiple consecutive connections (variable between 1 and 10)
using big nicknames, the game crashs.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/moo3boom.zip


#######################################################################

======
4) Fix
======


No fix.
Developers will not fix this problem unless there are significant
incidents reported.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC