FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities

Bugtraq ID:	12862
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0848 CVE-2005-0849
Remote:	Yes
Local:	No
Published:	Mar 20 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery is credited to Luigi Auriemma.
Vulnerable:	FUN labs US Most Wanted: Nowhere To Hide FUN labs Shadow Force: Razor Unit FUN labs Secret Service - In harm's Way FUN labs Revolution FUN labs Cabela's Deer Hunt 2005 FUN labs Cabela's Dangerous Hunts FUN labs Cabela's Big Game Hunter 2005 FUN labs Cabela's Big Game Hunter 2004
Not Vulnerable:

FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities

Multiple FUN labs games are affected by remote denial of service vulnerabilities.

A remote attacker can cause a game server to stop responding by sending an empty UDP packet.

Another vulnerability can allow a remote attacker to send a malformed join packet and crash the server.

These issues can be exploited to cause a denial of service condition in the server.

FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities

An exploit is not required.

A proof of concept is available:

• /data/vulnerabilities/exploits/funlabsboom.zip

FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

FUN labs Game Engine Multiple Remote Denial of Service Vulnerabilities

References:

• FUN labs Home Page (FUN labs)
  
• FunLabs games (Luigi Auriemma)