Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| Hired Team: Trial Format String Flaw Lets Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2004-11-18 by
Views: 357
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: Luigi Auriemma reported several vulnerabilities in the 'Hired Team: Trial' game software. A remote user can interrupt games or cause the game service to crash. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can join a game and then send a specially crafted message containing format string characters to cause the target game service to crash or potentially execute arbitrary code.
It is also reported that a remote user can send data to one of the server-assigned UDP ports on the target server to cause the match to be interrupted.
It is also reported that a remote user can invoke the status command to cause the target game service to crash.
The report indicates that the flaws may reside in the Shine engine (which the game is based on), but that no other games were tested, so it cannot be confirmed as to whether the flaws exist in the Shine engine or the Hired Team game software.
Impact: A remote user can cause the target game service to crash.
A remote user may be able to execute arbitrary code on the target user's system.
A remote user can interrupt game matches.
Solution: No solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1088
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
