Volition Red Faction Game Client Remote Buffer Overflow Vulnerability
BID:9775
Info
| Bugtraq ID: | 9775 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0345 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: | Volition Red Faction 1.20; Volition Red Faction 1.1 0; Volition Red Faction 1.0 |
| Not Vulnerable: | |
Discussion
It has been reported that the Red Faction game client may be prone to a remote buffer overflow vulnerability that could allow remote attackers to execute arbitrary code on a vulnerable system in order to gain unauthorized access. The vulnerability can reportedly be reproduced by sending a server name of 260 characters or more to a vulnerable client. When the client reads in the string, sensitive regions of memory may be corrupted with attacker-supplied values.
Red Faction versions 1.20 and prior are reported to be affected by this issue.
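The class of fix for an over-long server name, as an added example (not code from the advisory or from the game): a client-side copy that rejects names that are unterminated within the received bytes or that do not fit the destination. The buffer size, function name and packet slice are assumptions for illustration; the advisory gives only the 260-character threshold.

```c
#include <stddef.h>
#include <string.h>

/* Assumed destination size for illustration; the advisory states only that
 * names of 260 characters or more trigger the overflow. */
#define SERVER_NAME_MAX 256

enum name_status { NAME_OK = 0, NAME_UNTERMINATED = -1, NAME_TOO_LONG = -2 };

/* Unsafe pattern, shown for contrast: trusts the sender to keep the name short.
 *     char name[SERVER_NAME_MAX];
 *     strcpy(name, (const char *)field);
 */

/*
 * Hardened copy of a NUL-terminated server name out of a received datagram.
 * field/field_len: hypothetical slice of the packet that holds the name.
 * dst/dst_size:    fixed-size buffer owned by the client.
 * On any failure dst is left as an empty string.
 */
int copy_server_name(char *dst, size_t dst_size,
                     const unsigned char *field, size_t field_len)
{
    if (dst == NULL || dst_size == 0)
        return NAME_TOO_LONG;
    dst[0] = '\0';
    if (field == NULL)
        return NAME_UNTERMINATED;

    /* Look for the terminator only inside the bytes actually received. */
    const unsigned char *end = memchr(field, '\0', field_len);
    if (end == NULL)
        return NAME_UNTERMINATED;   /* copying would read past the packet */

    size_t len = (size_t)(end - field);
    if (len >= dst_size)
        return NAME_TOO_LONG;       /* copying would overflow dst: reject */

    memcpy(dst, field, len + 1);    /* len + 1 includes the terminator */
    return NAME_OK;
}
```
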
Exploit / POC
Exploit code can be obtained from the following location:
http://aluigi.altervista.org/poc/rfcbof.zip
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Red Faction Homepage (Volition)
- Clients broadcast buffer overflow in Red Faction <= 1.20 (Luigi Auriemma)