Halo: Combat Evolved Multiple Denial Of Service Vulnerabilities

Bugtraq ID:	30582
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Aug 06 2008 12:00AM
Updated:	Aug 07 2008 04:16PM
Credit:	Luigi Auriemma
Vulnerable:	Bungie Studios Halo: Combat Evolved 1.0.7.0615
Not Vulnerable:

Halo: Combat Evolved Multiple Denial Of Service Vulnerabilities

Halo: Combat Evolved is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle specially crafted network packets.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

Halo: Combat Evolved 1.0.7.0615 is vulnerable; other versions may also be affected.

Halo: Combat Evolved Multiple Denial Of Service Vulnerabilities

The following exploit code is available:

• /data/vulnerabilities/exploits/haloloop3.zip
• /data/vulnerabilities/exploits/halonso.zip

Halo: Combat Evolved Multiple Denial Of Service Vulnerabilities

Solution:
Reports indicate that the vendor addressed this issue in a hotfix released on July 30, 2008. Please see the references for more information.

Halo: Combat Evolved Multiple Denial Of Service Vulnerabilities

References:

• Halo Combat Evolved Denial of Service Vulnerabilities (Luigi Auriemma)
  
• Halo Combat Evolved Homepage (Bungie Studios)
  
• Endless loop and resources consumption in Halo 1.0.7.0615 (Luigi Auriemma )