Lords of the Realm III versions 1.01 and below suffer from a denial of service attack when an overly long string is supplied as the user's nickname.
be5e72d76f5affa99a38903610f3e2010c8305664ad5ec80ae808d6916a9e220#######################################################################
Luigi Auriemma
Application: Lords of the Realm III
http://www.lords3.com
Versions: <= 1.01
Platforms: Windows
Bug: crash
Risk: low/medium
Exploitation: remote, versus server
Date: 19 September 2004
Author: Luigi Auriemma
e-mail: aluigi@altervista.org
web: http://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Lords of the Realm III is a strategic game developed by Impressions
Games (http://www.impressionsgames.com) and released in March 2004.
#######################################################################
======
2) Bug
======
The problem is located in the length of the user's nickname, in fact if
it is too long the server will try to write to an unallocated zone of
the memory.
The bug can be exploited only when the server is in the lobby stage (so
when users can join it) because it is the only moment that it accepts
connections.
#######################################################################
===========
3) The Code
===========
http://aluigi.altervista.org/poc/lotr3boom.zip
#######################################################################
======
4) Fix
======
No fix.
Doesn't exist an e-mail address to directly contact the developers...
#######################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed