Call of Duty / Call of Duty: United Offensive Denial of Service Vulnerability
BID:12978
Info
| Bugtraq ID: | 12978 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2005 12:00AM |
| Updated: | Jun 23 2008 11:31PM |
| Credit: | Discovered by Luigi Auriemma <aluigi@..>. |
| Vulnerable: | Activision Call of Duty United Offensive 1.41; Activision Call of Duty United Offensive 1.5.1 b; Activision Call of Duty 4 1.6; Activision Call of Duty 4 1.5; Activision Call of Duty 1.5 b; Activision Call of Duty 1.4 |
| Not Vulnerable: | |
Discussion
Call of Duty and its follow-up, Call of Duty: United Offensive, are vulnerable to a remotely exploitable denial-of-service vulnerability. When a client sends the server a message or command that is larger than 1024 characters, the server crashes, resulting in a denial of service.
Exploit / POC
The author of the advisory describing this vulnerability, Luigi Auriemma, provided the following steps for triggering the issue:
- download the following file: codmsgboom.cfg
- place it in the base folder of the game: main or uo
- start a client and a server
- join the server
- go into the client console (~ key)
- type: /exec codmsgboom
- the server will crash showing an error
The following proofs of concept are also available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
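With no vendor patch listed, the following added example (not Activision's code and not taken from the advisory) shows a server-side handler that rejects any client command over the 1024-character limit and charges it to that client alone, so the server process keeps running. The page does not describe the server's internals: `client_t`, `accept_command`, `should_disconnect`, `try_length` and the `MAX_DROPS` threshold are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CMD_CHARS 1024  /* limit quoted in the advisory */
#define MAX_DROPS     3     /* assumed policy: bad commands tolerated per client */

typedef enum { CMD_OK, CMD_EMPTY, CMD_TOO_LONG } cmd_status;

/* Hypothetical per-client state, not the game's real structure. */
typedef struct {
    char     cmd[MAX_CMD_CHARS + 1]; /* +1 for the terminating NUL */
    unsigned dropped;                /* oversized commands seen so far */
} client_t;

/* Validate one command from a received packet. data need not be
 * NUL-terminated; len is the byte count reported by the transport.
 * An oversized command is dropped and charged to that client only. */
cmd_status accept_command(client_t *cl, const unsigned char *data, size_t len)
{
    size_t n = 0;
    while (n < len && data[n] != '\0')   /* never read past the packet */
        n++;
    if (n == 0) return CMD_EMPTY;
    if (n > MAX_CMD_CHARS) {             /* reject; do not truncate or abort */
        cl->dropped++;
        return CMD_TOO_LONG;
    }
    memcpy(cl->cmd, data, n);
    cl->cmd[n] = '\0';
    return CMD_OK;
}

/* Disconnect only the offending client once it exceeds the policy. */
int should_disconnect(const client_t *cl) { return cl->dropped >= MAX_DROPS; }

/* Constructed input: a packet of n 'A' bytes with no terminator. */
cmd_status try_length(client_t *cl, size_t n)
{
    static unsigned char pkt[4096];
    if (n > sizeof pkt) n = sizeof pkt;
    memset(pkt, 'A', n);
    return accept_command(cl, pkt, n);
}

int main(void)
{
    client_t cl = {0};
    printf("1024 -> %d, 1025 -> %d\n", try_length(&cl, 1024), try_length(&cl, 1025));
    return 0;
}
```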
References
References:
- Double Denial of Service in Call of Duty 4 1.6 (Luigi Auriemma)
- In-game server crash in Call of Duty 1.5b and United Offensive 1.51b (Luigi Auriemma)
- Call of Duty 4: Modern Warfare (Luigi Auriemma)