Halo: Combat Evolved versions 1.4 and below suffer from an off-by-one vulnerability that can result in a denial of service.
ab368723fc5910a5e72174769904c58f6bf0ed7dfd96ac0223fcb7fbb731516f
#######################################################################
Luigi Auriemma
Application: Halo: Combat Evolved
http://www.bungie.net/Games/HaloPC/
Versions: <= 1.4
Platforms: Windows and MacOS
Bug: off-by-one (Denial of Service)
Risk: medium/high
Exploitation: remote, versus server
Date: 09 September 2004
Author: Luigi Auriemma
e-mail: aluigi@altervista.org
web: http://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Halo is the widely known game originally developed by Bungie Studios
and ported on PC by Gearbox Software (http://www.gearboxsoftware.com).
It has been released in September 2003.
#######################################################################
======
2) Bug
======
Halo uses the Gamespy SDK and moreover the handshake algorithm provided
in this library (http://aluigi.altervista.org/papers/gssdkcr.h) to let
players to join servers.
The off-by-one bug is located just in the client's response (the last
stage of this handshake) because if it is longer than 32 bytes causes
the immediate crash of the server.
#######################################################################
===========
3) The Code
===========
http://aluigi.altervista.org/poc/haloboom.zip
#######################################################################
======
4) Fix
======
Patch 1.05 for both Win32 and MacOS.
#######################################################################
---
Luigi Auriemma
http://aluigi.altervista.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed