Server freeze in Skulltag 0.97d2-RC2

Type securityvulns
Reporter Securityvulns
Modified 2008-06-17T00:00:00


                         Luigi Auriemma

Application:  Skulltag
Versions:     <= 0.97d2-RC2
Platforms:    Windows, Linux and FreeBSD
Bug:          loop during the parsing of the packets
Exploitation: remote, versus server
Date:         16 Jun 2008
Author:       Luigi Auriemma
e-mail:
web:

1) Introduction
2) Bug
3) The Code
4) Fix

===============
1) Introduction
===============

Skulltag is a port of the original Doom mainly focused on multiplayer gaming.

======
2) Bug
======

Skulltag is affected by a problem in the parsing of some packets: a single big malformed packet is parsed multiple times, which freezes the entire server for some seconds. This Denial of Service can be made endless by sending multiple malformed packets at regular intervals.

===========
3) The Code
===========

======
4) Fix
======

Version 0.97d2-RC3

Luigi Auriemma