Application: Skulltag http://www.skulltag.com Versions: <= 0.97d2-RC2 Platforms: Windows, Linux and FreeBSD Bug: loop during the parsing of the packets Exploitation: remote, versus server Date: 16 Jun 2008 Author: Luigi Auriemma e-mail: firstname.lastname@example.org web: aluigi.org
1) Introduction 2) Bug 3) The Code 4) Fix
=============== 1) Introduction ===============
Skulltag is a port of the original Doom mainly focused on multiplayer gaming.
====== 2) Bug ======
Skulltag is affected by a problem in the parsing of some packets with the result of freezing the entine server for some seconds through the sending of a single big malformed packet which is parsed multiple times. This Denial of Service can be made endless using multiple malformed packets at regular intervals.
=========== 3) The Code ===========
====== 4) Fix ======
Luigi Auriemma http://aluigi.org