|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3197 CVE : CVE-2007-5247 SecurityRisk : High  (About) Remote Exploit : No Local Exploit : Yes Exploit Available : No Credit : Luigi Auriemma Published : 08.10.2007
Advisory Content : ####################################################################### Luigi Auriemma Application: F.E.A.R. (First Encounter Assault Recon) http://www.whatisfear.com Versions: <= 1.08 Platforms: Windows and Linux Bug: format string Exploitation: remote, versus server with Punkbuster enabled Date: 01 Oct 2007 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== F.E.A.R. is the most recent FPS game developed by Monolith (http://www.lith.com). ####################################################################### ====== 2) Bug ====== This bug is nothing new moreover considering that it's public from the far 2004 when this game was still a beta: http://aluigi.org/adv/lithfs-adv.txt What changes this time is the type of exploitation and the derived advantages since now the attack is completely anonymous from outside the server using only one UDP packet. When Punkbuster is enabled on a server (true for many public servers) it visualizes the content of some incoming packets using the game's console. The Punkbuster packets needed for forcing the visualization of a custom string in the console are PB_Y (YPG server) and PB_U (UCON), while in the past was ok to use PB_P too which has been recently made no longer verbose probably due to its abusing attempted by people for spamming servers (which is naturally still possible with the above packets). As already said this is a bug in the Lithtech engine and NOT in Punkbuster which is used only as a "way" for exploiting it. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/fearfspb.zip ####################################################################### ====== 4) Fix ====== No fix. The bug has been never "really" patched although it's public from 3 years. ####################################################################### --- Luigi Auriemma http://aluigi.org http://forum.aluigi.org http://mirror.aluigi.org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |