ssfakep.txt

ssfakep.txt: Posted Dec 11, 2004; Authored by Luigi Auriemma | Site aluigi.altervista.org; The Serious engine for games like Alpha Black Zero and Nitro family fails to limit the amount of new players joining a game, allowing for a denial of service. Only one UDP packet is needed to create a fake player.; tags | advisory, denial of service, udp; SHA-256 | 1d4d9d5101c652cd463fe24cc999f3991959494588e7a826a52df28c2c1a1133; Download | Favorite | View

ssfakep.txt


#######################################################################

                             Luigi Auriemma

Application:  Serious engine
              http://www.seriousengine.com
Games:        all the games based on this engine and using the UDP
              protocol:
              - Alpha Black Zero
              - Nitro family
              - Serious Sam Second Encounter 1.07
Platforms:    Windows, Linux and Mac
Bug:          crash
Exploitation: remote, versus server
Date:         28 November 2004 (and 29 Sep 2004)
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


The Serious engine is a well known game engine developed by Croteam
(http://www.croteam.com) and used by some games.


#######################################################################

======
2) Bug
======


The bug affects the games based on the Serious engine using the UDP
protocol (those using TCP are immune).

The problem is that the server doesn't limit the amount of new players,
so it crashs when too much (fake) players try to join.

Is needed only one packet to create a fake player and the bug can be
exploited also versus servers protected by password "without" knowing
the keyword.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/fakep/ssfakep.zip


#######################################################################

======
4) Fix
======


No fix.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org

Top Authors In Last 30 Days

Red Hat 231 files
indoushka 108 files
Ubuntu 86 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

ssfakep.txt

ssfakep.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ssfakep.txt

Share This

ssfakep.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems