Star Wars Jedi Knight: Jedi Academy Buffer Overflow Vulnerability
BID:12977
Info
| Bugtraq ID: | 12977 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0984 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovered by Luigi Auriemma <aluigi@..>. |
| Vulnerable: | LucasArts Star Wars Jedi Knight: Jedi Academy 1.0.11 |
| Not Vulnerable: | |
Discussion
A buffer overflow is present in Jedi Academy that can be exploited remotely by client systems. The overflow is due to the use of the sprintf() function in a text visualization procedure, G_Printf(). The attacker can exploit this vulnerability to execute arbitrary code on the server.
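The bug class described above, shown from the fix side as an added example that is not code from the advisory or from the game: a formatter that bounds the write that an unbounded sprintf()-style call leaves open. The function name `g_printf_bounded`, the 1024-byte buffer size and the `sink` parameter are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF 1024  /* assumed size; the page does not state the real one */

/* Unsafe pattern of the kind the page describes (comparison only, not compiled):
 *     char text[MSG_BUF]; vsprintf(text, fmt, ap);   no length limit on the write */

/* Hypothetical bounded G_Printf-style helper: formats into a fixed buffer with
 * vsnprintf, then passes the text to `sink` (stand-in for the engine's print call).
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int g_printf_bounded(char *sink, size_t sink_cap, const char *fmt, ...)
{
    char text[MSG_BUF];
    va_list ap;
    int need;

    if (sink == NULL || sink_cap == 0 || fmt == NULL)
        return -1;
    va_start(ap, fmt);
    need = vsnprintf(text, sizeof text, fmt, ap);  /* never writes past text[] */
    va_end(ap);
    if (need < 0) {                                /* formatting error */
        sink[0] = '\0';
        return -1;
    }
    snprintf(sink, sink_cap, "%s", text);          /* bounded, NUL-terminated copy */
    return ((size_t)need >= sizeof text || strlen(text) >= sink_cap) ? 1 : 0;
}

/* Constructed input: a 4000-byte message, far larger than MSG_BUF. */
size_t demo_oversized(int *status)
{
    char msg[4001], out[2048];
    memset(msg, 'a', sizeof msg - 1);
    msg[sizeof msg - 1] = '\0';
    *status = g_printf_bounded(out, sizeof out, "say: %s\n", msg);
    return strlen(out);                            /* length actually stored */
}

int main(void)
{
    int st;
    size_t n = demo_oversized(&st);
    printf("status=%d stored=%zu bytes\n", st, n);
    return 0;
}
```

The truncation return value lets the caller log or reject oversized client text instead of silently dropping the tail.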
Exploit / POC
The advisory describing this vulnerability published by Luigi Auriemma outlined the following steps for exploitation:
- download the following file: jamsgbof.cfg
- place it in the base folder of the game: GameData\base
- start a client and a server
- join the server
- go into the client console (shift + ~)
- type: /exec jamsgbof
- the server will crash with the return address overwritten with 0x61616161
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- In-game server buffer-overflow in Jedi Academy 1.011 (Luigi Auriemma)