 Purge Jihad Broadcast Response Buffer Overflow Lets Remote Users Execute Arbitrary Code
Category: Vulnerability
Posted: 2004-02-17 by ReCall
 Details
Description: A buffer overflow vulnerability was reported in the Purge and Purge Jihad games. A remote game server can execute arbitrary code on a connected client system.

Luigi Auriemma reported that when a client sends a broadcast query to available game servers, a game server can respond with a specially crafted packet to trigger a buffer overflow and execute arbitrary code on the client system.

The 'battle type' and 'map name' fields are reportedly limited to 64 bytes but can be overflowed.

Some demonstration exploit code is available at:

http://aluigi.altervista.org/poc/purge-cbof.zip

Impact: A remote game server can execute arbitrary code on a target client system when the target system broadcasts to the game server.

Solution: The vendor has released a fixed version (2.0.2), available at:


http://www.purgeonline.net/download.shtml
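
For client authors, the class of bug described above is closed by bounding every string field taken from a server reply before it is copied into a fixed 64-byte buffer. The C code below is an added example, not code from Purge or from the original advisory. The advisory does not describe the wire format, so the layout (two NUL-terminated strings, battle type then map name) and all names are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64   /* field size given in the advisory */

struct server_info {
    char battle_type[FIELD_MAX];
    char map_name[FIELD_MAX];
};

/* Copy one NUL-terminated field from pkt[*off .. len) into dst (FIELD_MAX bytes).
 * Returns 0 on success, -1 if the field is missing, unterminated or too long. */
static int read_field(const unsigned char *pkt, size_t len, size_t *off, char *dst)
{
    if (*off >= len)
        return -1;
    const unsigned char *start = pkt + *off;
    const unsigned char *nul = memchr(start, '\0', len - *off);
    if (nul == NULL)
        return -1;                /* no terminator inside the datagram */
    size_t n = (size_t)(nul - start);
    if (n >= FIELD_MAX)
        return -1;                /* would not fit together with its NUL */
    memcpy(dst, start, n + 1);
    *off += n + 1;
    return 0;
}

/* Hypothetical reply layout (assumption): battle type, then map name. */
int parse_reply(const unsigned char *pkt, size_t len, struct server_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    if (read_field(pkt, len, &off, out->battle_type) != 0)
        return -1;
    return read_field(pkt, len, &off, out->map_name);
}

/* Constructed input: battle type "dm" plus a map name of n 'A' bytes. */
int try_map_len(size_t n, int terminated)
{
    unsigned char pkt[3 + 256 + 1];
    struct server_info si;
    if (n > 256) return -2;
    memcpy(pkt, "dm", 3);
    memset(pkt + 3, 'A', n);
    pkt[3 + n] = '\0';
    return parse_reply(pkt, 3 + n + (terminated ? 1 : 0), &si);
}
```

A reply that fails the check is dropped as a whole rather than truncated, so a malformed server entry never reaches later code that assumes well-formed fields.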
 