People Can Fly Painkiller Gamespy CD-Key Hash Remote Buffer Overflow Vulnerability

Bugtraq ID:	12423
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 02 2005 12:00AM
Updated:	Feb 02 2005 12:00AM
Credit:	Discovery is credited to Luigi Auriemma <[email protected]>.
Vulnerable:	People can Fly Painkiller 1.3.5 People can Fly Painkiller 1.3.1
Not Vulnerable:	People can Fly Painkiller 1.6.1

People Can Fly Painkiller Gamespy CD-Key Hash Remote Buffer Overflow Vulnerability

Painkiller is reported prone to a remote buffer overflow vulnerability. This issue presents itself due to insufficient boundary checks performed by the application during server-side authorization of a Gamespy cd-key hash.

Painkiller versions 1.35 and prior are reported vulnerable to this issue.

People Can Fly Painkiller Gamespy CD-Key Hash Remote Buffer Overflow Vulnerability

The following proof of concept is available:

• /data/vulnerabilities/exploits/painkill_key_bof.tar

People Can Fly Painkiller Gamespy CD-Key Hash Remote Buffer Overflow Vulnerability

Solution:
The vendor has released Painkiller 1.6.1 to address this issue.


People can Fly Painkiller 1.3.1

• People can Fly Painkiller 1.6.1
  http://www.painkillergame.com/index2.php

People can Fly Painkiller 1.3.5

• People can Fly Painkiller 1.6.1
  http://www.painkillergame.com/index2.php

People Can Fly Painkiller Gamespy CD-Key Hash Remote Buffer Overflow Vulnerability

References:

• Painkiller Homepage (Painkiller)
  
• Limited buffer-overflow in Painkiller 1.35 (Luigi Auriemma )