Medal of Honor Remote Overflow

2004-07-17T00:00:00
ID OSVDB:8061
Type osvdb
Reporter Luigi Auriemma (aluigi@altervista.org)
Modified 2004-07-17T00:00:00

Description

Vulnerability Description

A number of remote buffer-overflow vulnerabilities exist in versions of Medal of Honor. The Medal of Honor query/reply manager does not perform any validation or verification checks for slashes, NULL bytes or value sizes before passing input into a new buffer. With a specially crafted request, an attacker can cause arbitrary code to be run with system-level privileges, resulting in a possible loss of integrity.

Technical Description

The data causing the overflow can be used in many packet types, including the "getinfo" query in the "connect" packet. This is a particularly effective method of attack, as the query can be made in a single UDP packet, which can be spoofed to ensure the server will not block it.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Luigi Auriemma has released an unofficial patch to address this vulnerability.

References:

Vendor URL: http://mohaa.ea.com
Secunia Advisory ID: 12089
Other Advisory URL: http://aluigi.altervista.org/adv/mohaabof-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0716.html
ISS X-Force ID: 16715
CVE-2004-0735