SecurityReason - NULL pointer in ZDaemon 1.08.07

Register | Forget Password | Login

	SecurityReason
News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

	WLB
WLB Database

Send to WLB

About WLB

	RSS
News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

	Corporate
Contact

About us

	Services
SecurePHP


	Note
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive : exploit()securityreason()com

Details : SecurityAlert

Topic :

NULL pointer in ZDaemon 1.08.07

SecurityAlert : 4043

CVE : CVE-2008-3314

CWE : CWE-20

SecurityRisk : Medium alert

alert

(About)

Remote Exploit : Yes

Local Exploit : No

Victim interaction required : No

Exploit Given : Yes

Credit : Luigi Auriemma

Published : 28.07.2008

Affected Software :

Zdaemon, Zdaemon, 1.08.01
Zdaemon, Zdaemon, 1.08.02
Zdaemon, Zdaemon, 1.08.03
Zdaemon, Zdaemon, 1.08.04
Zdaemon, Zdaemon, 1.08.05
Zdaemon, Zdaemon, 1.08.06
Zdaemon, Zdaemon, 1.08
Zdaemon, Zdaemon, 1.08.07, and previous

Advisory Text :

#######################################################################

Luigi Auriemma

Application: ZDaemon
http://www.zdaemon.org
Versions: <= 1.08.07
Platforms: Windows and Linux
Bug: NULL pointer
Exploitation: remote, versus server (in-game)
Date: 21 Jul 2008
Author: Luigi Auriemma
e-mail: aluigi (at) autistici (dot) org [email concealed]
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

ZDaemon is one of the most played multiplayer ports of the Doom engine
and at the same time one of the most criticized too.

#######################################################################

======
2) Bug
======

The ZDaemon server is affected by a NULL pointer vulnerability which
allows an attacker to crash it when a specific type of command (type 6)
is used.

The attacker needs to join the server for exploiting this bug so his IP
address must be not banned and he must know the right keyword if the
server is protected with a password.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/zdaemonull.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org
http://backup.aluigi.org
http://mirror.aluigi.org

References :

http://xforce.iss.net/xforce/xfdb/43946
http://www.securityfocus.com/bid/30340
http://www.securityfocus.com/archive/1/archive/1/494634/100/0/threaded
http://secunia.com/advisories/31185
http://aluigi.org/poc/zdaemonull.zip
http://aluigi.altervista.org/adv/zdaemonull-adv.txt

Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.

	Alert
BSD libc (strfmon) Multiple vulnerabilities - 2008-03-25 Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected BSD systems.


	Apache
» Apache Tomcat information disclosure

» Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

» Apache Tomcat information disclosure vulnerability

» Apache Tomcat XSS vulnerability



	PHP
» PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass

» PHP 5.2.6 posix_access() (posix ext) safe_mode bypass

» PHP 5.2.5 and prior : *printf() functions Integer Overflow

» PHP 5.2.5 cURL safe_mode bypass

Copyright © SecurityReason. All Rights Reserved.