SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Endless loop in Soldner 33724


Arrow  SecurityAlert : 3983
Arrow  CVE : CVE-2008-3135
Arrow  CWE : CWE-399
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : No
Arrow  Credit : Luigi Auriemma
Arrow  Published : 12.07.2008

Arrow  Affected Software : Luigi_auriemma, Soldner_secret_wars, 33724



Arrow  Advisory Content :  

#######################################################################

Luigi Auriemma

Application: SÖLDNER - Secret Wars
http://www.secretwars.net
http://soldner.jowood.com
Versions: <= 33724
Platforms: Windows
Bug: endless loop
Exploitation: remote, versus server
Date: 01 Jul 2008
Author: Luigi Auriemma
e-mail: aluigi (at) autistici (dot) org [email concealed]
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

SÖLDNER is a tactical military game developed by Wings Simulations
and released in May 2004.

#######################################################################

======
2) Bug
======

Each UDP packet for this game can contain various blocks of data.
The type 0x80 forces the server to perform a cycle from zero to the 32
bit number (so max 0xffffffff) specified in that data block.
The maximum size of a packet supported by the game is 1400 bytes in
which is possible to place max 233 blocks of this type causing the
freeze of a server for over 2 hours (tested with a fast CPU).

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/usurdat.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org



Arrow  References :

http://www.securityfocus.com/archive/1/archive/1/493810/100/0/threaded
http://secunia.com/advisories/30880
http://aluigi.altervista.org/adv/usurdat-adv.txt




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1
   session.save_path
   safe_mode and
   open_basedir bypass

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass
Copyright © SecurityReason.com. All Rights Reserved.