Bontago Game Server Remote Nickname Buffer Overrun Vulnerability
BID:12603
Info
Bontago Game Server Remote Nickname Buffer Overrun Vulnerability
| Bugtraq ID: | 12603 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Feb 21 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Luigi Auriemma. |
| Vulnerable: |
DigiPen Bontago 1.1 |
| Not Vulnerable: | |
Discussion
Bontago Game Server Remote Nickname Buffer Overrun Vulnerability
The Bontago game server is reported to be affected by a remote buffer overrun vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on client-supplied 'nickname' values.
It is conjectured that a remote attacker may exploit this vulnerability to influence execution flow of a target game server and have arbitrary supplied instructions executed in the context of the affected process.
This vulnerability is reported to exist in Bontago versions up to an including version 1.1.
The Bontago game server is reported to be affected by a remote buffer overrun vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on client-supplied 'nickname' values.
It is conjectured that a remote attacker may exploit this vulnerability to influence execution flow of a target game server and have arbitrary supplied instructions executed in the context of the affected process.
This vulnerability is reported to exist in Bontago versions up to an including version 1.1.
Exploit / POC
Bontago Game Server Remote Nickname Buffer Overrun Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Bontago Game Server Remote Nickname Buffer Overrun Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Bontago Game Server Remote Nickname Buffer Overrun Vulnerability
References:
References:
- Bontago (Luigi Auriemma)
- Bontago Vendor Homepage (DigiPen)