SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Game)  >  Haegemonia Vendors:  Digital Reality, Wanadoo
Haegemonia Game Packet Length Index Overflow Lets Remote Users Deny Service
SecurityTracker Alert ID:  1009205
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 25 2004
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 1.07 and prior versions
Description:  A vulnerability was reported in the Haegemonia game. A remote user can cause the game server to crash.

Luigi Auriemma reported that a remote user can send a chat message packet that contains a value identifying the length of the message that is longer than it should be given the actual length of the message. This will cause the application to read from unallocated memory and crash, the report said.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/hgmcrash.zip

The vendor has reportedly been notified.
Impact:  A remote user can cause the game server to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.haegemonia.com/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Windows (Any)
Reported By:  Luigi Auriemma <aluigi@altervista.org>
Message History:   None.

 Source Message Contents
Date:  Tue, 24 Feb 2004 18:57:53 +0000
From:  Luigi Auriemma <aluigi@altervista.org>
Subject:  Remote server crash in Haegemonia &lt;= 1.07

 


#######################################################################

                             Luigi Auriemma

Application:  Haegemonia
              http://www.haegemonia.com
Versions:     <= 1.07
Platforms:    Windows
Bug:          reading of unallocated memory (crash)
Risk:         high
Exploitation: remote, versus server
Date:         24 Feb 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Haegemonia is a strategic space combat game developed by Digital
Reality (http://www.digitalreality.hu) released in the 2002.
This game has excellent ambient musics but its network protocol seems a
bit bugged...


#######################################################################

======
2) Bug
======


The bug is a classical reading of unallocated memory caused by the
sending of a packet containing a chat message with a too big 32bit
number identifying the length of the message.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/hgmcrash.zip


#######################################################################

======
4) Fix
======


No fix.
Developers have not replied to my mails.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC