NULL pointer in Unreal Tournament 2004 v3369

2008.07.31
Credit: Luigi Auriemma
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

####################################################################### Luigi Auriemma Application: Unreal Tournament 2004 http://www.unrealtournament2003.com/ut2004/index.html Versions: <= v3369 Platforms: Windows and Linux Bug: NULL pointer Exploitation: remote, versus server Date: 30 Jul 2008 Author: Luigi Auriemma e-mail: aluigi_at_autistici_dot_org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== Unreal Tournament 2004 is a well known FPS game developed by Epic Games (http://www.epicgames.com) and released at the beginning of the 2004. ####################################################################### ====== 2) Bug ====== Through a specific sequence of packets an attacker is able to crash the UT2004 server due to a NULL pointer exception. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/ut2004null.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org http://backup.aluigi.org http://mirror.aluigi.org

References:

http://seclists.org/fulldisclosure/2008/Jul/0537.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top