Remote server crash in Haegemonia <= 1.07

2004-02-26T00:00:00
ID SECURITYVULNS:DOC:5831
Type securityvulns
Reporter Securityvulns
Modified 2004-02-26T00:00:00

Description

                         Luigi Auriemma

Application: Haegemonia http://www.haegemonia.com Versions: <= 1.07 Platforms: Windows Bug: reading of unallocated memory (crash) Risk: high Exploitation: remote, versus server Date: 24 Feb 2004 Author: Luigi Auriemma e-mail: aluigi@altervista.org web: http://aluigi.altervista.org

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

Haegemonia is a strategic space combat game developed by Digital Reality (http://www.digitalreality.hu) released in the 2002. This game has excellent ambient musics but its network protocol seems a bit bugged...

====== 2) Bug ======

The bug is a classical reading of unallocated memory caused by the sending of a packet containing a chat message with a too big 32bit number identifying the length of the message.

=========== 3) The Code ===========

http://aluigi.altervista.org/poc/hgmcrash.zip

====== 4) Fix ======

No fix. Developers have not replied to my mails.


Luigi Auriemma http://aluigi.altervista.org