Roger Wilco Server Unauthorized Audio Stream Denial Of Service Vulnerability
BID:10025
Info
| Bugtraq ID: | 10025 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2004 12:00AM |
| Updated: | Mar 31 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
GameSpy RW Base Station 0.3 0a
GameSpy Roger Wilco Graphical Server 1.4.1 .6
GameSpy Roger Wilco Graphical Server 1.4.1 .5
GameSpy Roger Wilco Graphical Server 1.4.1 .4
GameSpy Roger Wilco Graphical Server 1.4.1 .3
GameSpy Roger Wilco Graphical Server 1.4.1 .2
GameSpy Roger Wilco Graphical Server 1.4.1 .1
GameSpy Roger Wilco Dedicated Server (Win32) 0.30 a
GameSpy Roger Wilco Dedicated Server (Win32) 0.29
GameSpy Roger Wilco Dedicated Server (Win32) 0.28
GameSpy Roger Wilco Dedicated Server (Win32) 0.27
GameSpy Roger Wilco Dedicated Server (Win32) 0.26
GameSpy Roger Wilco Dedicated Server (Linux,BSD) 0.27
GameSpy Roger Wilco Dedicated Server (Linux,BSD) 0.26 |
| Not Vulnerable: | |
Discussion
A vulnerability has been reported in the Roger Wilco Server. Reportedly, a user does not need to connect to the server over the TCP port to have UDP-based audio streams handled. Instead, the attacker needs to know the user IDs connected to a target channel. Because the user IDs for a channel fall in the range 0-127, the attacker may transmit an audio stream to an affected server that will be heard by all connected users, and the server administrator will have no control over disconnecting or muting this audio stream.
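The missing check described above, as an added example that is not part of the original advisory or of Roger Wilco's code: a UDP audio datagram is relayed only when its user ID belongs to a session created over the TCP control connection from the same address. The class, field names and datagram layout are hypothetical, and the sample datagrams are constructed.

```python
from dataclasses import dataclass

MAX_USER_ID = 127  # the advisory states channel user IDs fall in 0-127


@dataclass(frozen=True)
class Datagram:
    """Hypothetical decoded audio datagram, not the real wire format."""
    src_ip: str
    user_id: int
    payload: bytes


class ChannelSessions:
    """Tracks user IDs handed out over the TCP control connection."""

    def __init__(self):
        self._peer_by_id = {}  # user_id -> IP address of the TCP peer

    def join(self, user_id, tcp_peer_ip):
        if not 0 <= user_id <= MAX_USER_ID:
            raise ValueError("user ID out of range")
        self._peer_by_id[user_id] = tcp_peer_ip

    def leave(self, user_id):
        # Called on disconnect or when the administrator kicks the user.
        self._peer_by_id.pop(user_id, None)

    def accept_id_only(self, dgram):
        """Behaviour the advisory describes: an in-use ID is sufficient."""
        return dgram.user_id in self._peer_by_id

    def accept_bound(self, dgram):
        """Hardened: the ID must map to a live TCP session from this address."""
        return self._peer_by_id.get(dgram.user_id) == dgram.src_ip


def unauthorized(sessions, datagrams):
    """Datagrams the ID-only check relays but the session-bound check drops."""
    return [d for d in datagrams
            if sessions.accept_id_only(d) and not sessions.accept_bound(d)]


# Constructed sample traffic using documentation address ranges.
SESSIONS = ChannelSessions()
SESSIONS.join(5, "192.0.2.10")
LEGIT = Datagram("192.0.2.10", 5, b"\x00" * 8)
FOREIGN = Datagram("198.51.100.7", 5, b"\x00" * 8)
FLAGGED = unauthorized(SESSIONS, [LEGIT, FOREIGN])
```

UDP source addresses can be spoofed, so address binding alone is a weak control; a per-session secret issued over TCP and carried in each datagram would be a stronger binding.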
Exploit / POC
The following proof of concept has been supplied:
Solution / Fix
Solution:
This software is no longer supported.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Roger Wilco Home Page (GameSpy)
- RogerWilco: new funny bugs (Luigi Auriemma)