Server freeze in Skulltag 0.97d2-RC2

2008-06-17T00:00:00
ID SECURITYVULNS:DOC:20056
Type securityvulns
Reporter Securityvulns
Modified 2008-06-17T00:00:00

Description

                         Luigi Auriemma

Application:  Skulltag
              http://www.skulltag.com
Versions:     <= 0.97d2-RC2
Platforms:    Windows, Linux and FreeBSD
Bug:          loop during the parsing of the packets
Exploitation: remote, versus server
Date:         16 Jun 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

1) Introduction
2) Bug
3) The Code
4) Fix

===============
1) Introduction
===============

Skulltag is a port of the original Doom mainly focused on multiplayer gaming.

======
2) Bug
======

Skulltag has a flaw in the parsing of some packets: a single big malformed packet is parsed multiple times, which freezes the entire server for some seconds. The Denial of Service can be made endless by sending multiple malformed packets at regular intervals.

===========
3) The Code
===========

http://aluigi.org/poc/skulltagloop.zip

======
4) Fix
======

Version 0.97d2-RC3


Luigi Auriemma http://aluigi.org