Volition Freespace 2 Game Client Remote Buffer Overflow Vulnerability
BID:9785
Info
Volition Freespace 2 Game Client Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9785 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2004 12:00AM |
| Updated: | Mar 02 2004 12:00AM |
| Credit: | Discovery is credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
Volition Freespace 2 1.2 |
| Not Vulnerable: | |
Discussion
Volition Freespace 2 Game Client Remote Buffer Overflow Vulnerability
It has been reported that Freespace 2 game client may be prone to a remote buffer overflow vulnerability that could allow remote attackers to execute arbitrary code in a vulnerable system in order to gain unauthorized access. It has been reported that this vulnerability can be reproduced by sending a server name of 180 characters or more to a vulnerable client. When the client reads in the string, sensitive regions of memory may be corrupted with attacker-supplied values.
Freespace 2 versions 1.20 and prior are reported to be affected by this issue.
It has been reported that Freespace 2 game client may be prone to a remote buffer overflow vulnerability that could allow remote attackers to execute arbitrary code in a vulnerable system in order to gain unauthorized access. It has been reported that this vulnerability can be reproduced by sending a server name of 180 characters or more to a vulnerable client. When the client reads in the string, sensitive regions of memory may be corrupted with attacker-supplied values.
Freespace 2 versions 1.20 and prior are reported to be affected by this issue.
Exploit / POC
Volition Freespace 2 Game Client Remote Buffer Overflow Vulnerability
Exploit code can be obtained from the following location:
http://aluigi.altervista.org/poc/fs2cbof.zip
Exploit code can be obtained from the following location:
http://aluigi.altervista.org/poc/fs2cbof.zip
Solution / Fix
Volition Freespace 2 Game Client Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Volition Freespace 2 Game Client Remote Buffer Overflow Vulnerability
References:
References:
- Freespace 2 Product Page (Volition)