Call of Duty Anti-Buffer-Overflow Protection Large Input DoS

2004-09-05T20:02:05
ID OSVDB:9703
Type osvdb
Reporter Luigi Auriemma(aluigi@altervista.org)
Modified 2004-09-05T20:02:05

Description

Vulnerability Description

Call of Duty contains a flaw that may allow a remote denial of service. The issue is triggered when a query or a reply containing over 1024 chars is sent to the Call of Duty client or server, which triggers the anti-buffer overflow code, and will result in loss of availability for the client/server.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, icculus has released a patch to address this vulnerability for the Linux and Luigi Auriemma has released a patch to address this vulnerability for the Windows version.

Short Description

Call of Duty contains a flaw that may allow a remote denial of service. The issue is triggered when a query or a reply containing over 1024 chars is sent to the Call of Duty client or server, which triggers the anti-buffer overflow code, and will result in loss of availability for the client/server.

References:

Vendor URL: http://www.callofduty.com Vendor URL: http://www.infinityward.com/ Security Tracker: 1011165 Other Solution URL: http://aluigi.altervista.org/patches/cod-14-fix.zip Other Solution URL: http://www.icculus.org/betas/cod/ Other Solution URL: http://aluigi.altervista.org/patches/coduo-141-fix.zip Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0176.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0236.html Generic Exploit URL: http://aluigi.altervista.org/poc/codboom.zip CVE-2005-0430