#######################################################################

                             Luigi Auriemma

Application:  Terminator 3: War of the Machines
              http://www.atari.com/us/games/terminator_3_war/pc
Versions:     <= 1.16
Platforms:    Windows
Bugs:         A] cd-key hash buffer-overflow
              B] big nickname access violation
Exploitation: remote, versus server
Date:         26 May 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Terminator 3: War of the Machines is a multiplayer FPS game developed
by Clevers (http://www.clevers.com) and based on the movie of the same
name.
It was published by Atari (http://www.atari.com) in December 2003.


#######################################################################

=======
2) Bugs
=======

------------------------------
A] cd-key hash buffer-overflow
------------------------------

The text field containing the client cd-key hash is the cause of a
buffer-overflow that affects the server.

Note: this is NOT the Gamespy cd-key SDK buffer-overflow.


--------------------------------
B] big nickname access violation
--------------------------------

If an attacker uses a nickname that is too big, the server crashes
because it accesses an arbitrary area of memory.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/t3wmbof.zip


#######################################################################

======
4) Fix
======


No fix.
The game is no longer supported.


#######################################################################


---
Luigi Auriemma
http://aluigi.altervista.org