Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: TrackMania Demo Denial of Service
From: Luigi Auriemma <aluigi () altervista org>
Date: Mon, 9 Feb 2004 22:06:54 +0000
TrackMania Demo Denial of Service
The original document can be found at
http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml


Also Virtual Skipper 3 is vulnerable so the problem is in the game engine
developed by Nadeo (http://www.nadeo.com)



The multiplayer game use TCP port 2350 to communicate. If you send some 
garbage to this port, it will shutdown the game server.


Not exactly garbage data but too long values, in fact the game uses 32bit
numbers to specify the size of the data that follows so this seems the cause
of the server crash.
Another simple test is the modification of the 32bit values in the UDP query
packets used to define the length of some strings.



The multiplayer demo of this game 
is subject to denial of service.


Due the type of bug probably also the retail version is vulnerable.
Who bet?


BYEZ


--- 
Luigi Auriemma
http://aluigi.altervista.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]