Ground Control II Can Be Crashed By Remote Users Sending a Large Packet
|
|
SecurityTracker Alert ID: 1011075
|
|
SecurityTracker URL: http://securitytracker.com/id?1011075
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 26 2004
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Version(s): 1.0.0.7 and prior versions
|
Description: Luigi Auriemma reported a vulnerability in the Ground Control II: Operation Exodus game software. A remote user can cause the game to exit.
It is reported that a remote user can send a packet that is larger than the maximum supported size (usually 512 bytes) to the target
server or client to cause the application to crash.
A demonstration exploit is available at:
http://aluigi.altervista.org/poc/gc2boom.zip
|
Impact: A remote user can cause the client or the server to exit.
|
Solution: No solution was available at the time of this entry.
The author of the report has provided an unofficial patch for the dedicated
server 1.0.0.7 and the demo 0.0.8.1:
http://aluigi.altervista.org/patches/gc2ds-1007-fix.zip
http://aluigi.altervista.org/patches/gc2-demo0081-fix.zip
|
Vendor URL: www.groundcontrol2.com/ (Links to External Site)
|
Cause: Exception handling error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: Luigi Auriemma <aluigi@autistici.org>
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 26 Aug 2004 19:21:00 +0000
From: Luigi Auriemma <aluigi@autistici.org>
Subject: Broadcast forced exit in Ground Control II 1.0.0.7
|
#######################################################################
Luigi Auriemma
Application: Ground Control II: Operation Exodus
http://www.groundcontrol2.com
Versions: <= 1.0.0.7
Platforms: Windows
Bug: forced exit (DoS)
Risk: high
Exploitation: remote, versus servers and clients (broadcast)
Date: 26 August 2004
Author: Luigi Auriemma
e-mail: aluigi@altervista.org
web: http://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Ground Control II is a futuristic strategy game developed by Massive
Entertainment (http://www.massive.se) and released in June 2004.
#######################################################################
======
2) Bug
======
The problem is very simple, the game automatically exits if it receives
a packet bigger than the max supported size (usually 512 bytes) because
some instructions check for the socket error "Message too long" and
consider it critical.
Both servers and clients are vulnerables and the major problem is just
for clients because a single malicious server is able to automatically
(or also directly) crash any client in the world so nobody can play
online.
#######################################################################
===========
3) The Code
===========
http://aluigi.altervista.org/poc/gc2boom.zip
#######################################################################
======
4) Fix
======
The official online Massive Entertainment servers have been fixed but
no official patch has been released yet.
The bug is very easy to fix so I have created an unofficial patch for
the dedicated server 1.0.0.7 and the demo 0.0.8.1 (the retail game uses
CD protections so I don't support it):
http://aluigi.altervista.org/patches/gc2ds-1007-fix.zip
http://aluigi.altervista.org/patches/gc2-demo0081-fix.zip
#######################################################################
---
Luigi Auriemma
http://aluigi.altervista.org
|
|
