Digital Reality Game Engine Remote Denial Of Service Vulnerability

Bugtraq ID:	9736
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 24 2004 12:00AM
Updated:	Feb 24 2004 12:00AM
Credit:	Discovery of this issue has been credited to Luigi Auriemma <[email protected]>.
Vulnerable:	Digital Reality Haegemonia 1.0.7 Digital Reality Haegemonia 1.0.5 Digital Reality Haegemonia 1.0.4 Digital Reality Haegemonia 1.0 Digital Reality Desert Rats vs. Afrika Korps 1.0
Not Vulnerable:

Digital Reality Game Engine Remote Denial Of Service Vulnerability

It has been reported that the Digital Reality Game engine is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to validate packet data size input supplied by a client.

The immediate consequences of a successful attack will cause the affected server to crash. It has been conjectured that this issue may also be leveraged to execute arbitrary code in the context of the affected application, however this has not been verified.

Digital Reality Game Engine Remote Denial Of Service Vulnerability

The following exploit has been supplied:

• /data/vulnerabilities/exploits/hgmcrash.c

Digital Reality Game Engine Remote Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Digital Reality Game Engine Remote Denial Of Service Vulnerability

References:

• Desert Rats vs. Afrika Korps Homepage (Digital Reality)
  
• hgmcrash-adv.txt (Luigi Auriemma )
  
• Product Home Page (Digital Reality)
  
• Remote server crash in Haegemonia <= 1.07 (Luigi Auriemma )