Chris Moneymakers World Poker Championship Nickname Join Remote Overflow

2005-08-17T06:29:04
ID OSVDB:18844
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2005-08-17T06:29:04

Description

Vulnerability Description

A remote overflow exists in Chris Moneymaker's World Poker Championship. The game server fails to check bounds on player nickname's resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in Chris Moneymaker's World Poker Championship. The game server fails to check bounds on player nickname's resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://moneymakergaming.com/ Security Tracker: 1014738 Secunia Advisory ID:16478 Other Advisory URL: http://aluigi.altervista.org/adv/chmpokbof-adv.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0551.html Keyword: game server Generic Exploit URL: http://aluigi.org/poc/chmpokbof.zip CVE-2005-2639 Bugtraq ID: 14587