Players disconnection in Simbin racing games

2007-03-08 / 2007-03-09
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

#######################################################################

                             Luigi Auriemma

Applications: games developed by SimBin Development Team
              http://www.simbin.se
Versions:     GTR - FIA GT Racing Game   <= 1.5.0.0
              http://www.gtr-game.com
              GT Legends                 <= 1.1.0.0
              http://www.gt-legends.com
              GTR 2                      <= 1.1
              http://www.gtr-game.com
              RACE - The WTCC Game       <= 1.0 (0.6.3.0?)
              http://www.race-game.org
Platforms:    Windows
Bug:          clients disconnection
Exploitation: remote, versus clients
Date:         21 Feb 2007
Author:       Luigi Auriemma
              e-mail: aluigi (at) autistici (dot) org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Simbin is a well known software house specialized in developing racing
games deeply devoted to extreme simulation.
All their games are very recent: GTR was released in November 2004,
while Race WTCC was released exactly two years later.

#######################################################################

======
2) Bug
======

The problem is very simple: a UDP packet of zero bytes (empty) sent to
the main port of the server (usually 48942 for Race WTCC and 34297 for
the other games) forces the disconnection of all the clients connected
to it.

The attacker needs only to send one packet (spoofing possible) and the
clients in the game will be immediately kicked with the message
"Lost connection with the Host".
Then they can re-join again... but can be re-kicked in the same way
too.

#######################################################################

===========
3) The Code
===========

- get udpsz from here:

  http://aluigi.org/testz/udpsz.zip

- launch it versus the server:

  udpsz 127.0.0.1 34297 0    for GTR, GTR2 and GT Legends
  udpsz 127.0.0.1 48942 0    for Race WTCC

- check what happened to the clients connected to it

#######################################################################

======
4) Fix
======

No fix.
No reply received from the developers.

#######################################################################

---
Luigi Auriemma
http://aluigi.org
http://mirror.aluigi.org
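
A detection-side sketch of the condition described in section 2, added here as an example and not part of the original advisory or its author's tools: it flags IPv4/UDP datagrams with an empty payload addressed to the default server ports the advisory names. The function names and the sample capture are constructed for illustration, and the input is assumed to be raw IPv4 packets taken from a capture on the server host.

```python
import struct

# Default server ports named in the advisory.
GAME_PORTS = {34297: "GTR / GTR 2 / GT Legends", 48942: "RACE - The WTCC Game"}

def empty_game_datagram(packet: bytes):
    """Return (src_ip, dst_port) when `packet` is an IPv4/UDP datagram with
    no payload addressed to a watched port, otherwise None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                   # not IPv4
    ihl = (packet[0] & 0x0F) * 4                      # IP header length
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None                                   # not UDP or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                                   # later fragment: no UDP header
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    # A UDP length of 8 means header only, i.e. the zero-byte datagram.
    if udp_len != 8 or dport not in GAME_PORTS:
        return None
    return ".".join(map(str, packet[12:16])), dport

def scan(packets):
    """Return one (src_ip, dst_port, game) alert per empty datagram.
    The advisory notes the source can be spoofed, so src_ip is a lead
    for investigation and not a reliable value to block on."""
    alerts = []
    for pkt in packets:
        hit = empty_game_datagram(pkt)
        if hit:
            alerts.append((hit[0], hit[1], GAME_PORTS[hit[1]]))
    return alerts

def _sample(src, dport, payload=b""):
    """Constructed IPv4+UDP bytes for the demo (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17,
                     0, bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    return ip + struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload

# Constructed capture: documentation-range addresses, made-up payload.
CAPTURE = [
    _sample("198.51.100.7", 34297, b"\x01\x02join"),  # normal game traffic
    _sample("198.51.100.7", 34297),                   # empty, watched port
    _sample("203.0.113.9", 48942),                    # empty, watched port
    _sample("203.0.113.9", 53),                       # empty, unrelated port
]

if __name__ == "__main__":
    for src, port, game in scan(CAPTURE):
        print(f"empty UDP datagram from {src} to port {port} ({game})")
```

Since the advisory reports no vendor fix, the same header-only condition (UDP length field equal to 8) is what a packet filter in front of the server would have to match.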

