Gameguru Mania Forum Index Gameguru Mania
Daily Gaming, Hardware, Software and Technology News
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
news | cheats | reviews | specials | hardware | demos | FLASH GAMES | about | links


In-game format string in Judge Dredd vs. Death 1.01

 
Post new topic   Reply to topic    Gameguru Mania Forum Index -> Security
View previous topic :: View next topic  
Author Message
heretic
Site Admin
Site Admin


Joined: 27 May 2004
Posts: 1656
Location: Planet Hell
PostPosted: Mon Oct 04, 2004 9:56 pm    Post subject: In-game format string in Judge Dredd vs. Death 1.01 Reply with quote
#######################################################################

Luigi Auriemma

Application: Judge Dredd: Dredd vs. Death
http://www.dreddvsdeath.com
Versions: <= 1.01
Platforms: Windows
Bug: format string
Exploitation: remote, versus server (in-game)
Date: 02 October 2004
Author: Luigi Auriemma
e-mail: aluigi altervista org
web: http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Dredd vs Death is a cool FPS game based on the homonym comic strip.
The game has been developed by Rebellion (http://www.rebellion.co.uk)
and has been released in October 2003.


#######################################################################

======
2) Bug
======


The problem is a format string bug in the handling of the messages
received from clients like "player connected", chat messages and so on.

Like any in-game bug, the attacker must have access to the match (so if
the server is protected by password, he must know it).


#######################################################################

===========
3) The Code
===========


Launch a client and a server, go on the client side, join the server
and send the following chat message (by default pressing the 'T' key):

%n%n%n%n%n

The server will crash immediately.

You can do the same check running only the server and sending the chat
message from the same computer.


#######################################################################

======
4) Fix
======


No fix.
Developers have not replied to my mails.


#######################################################################
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Gameguru Mania Forum Index -> Security All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group