|
Full Disclosure
mailing list archives
GSC Voice Server Denial of Service Vulnerability
From: "Michael J. Gray" <mooseous () gmail com>
Date: Thu, 29 Sep 2011 03:22:21 -0700
Product: GSC (Game Servers Client)
Version: 2.00 Build 3017
Website: http://getgsc.com
By inspecting the network traffic of messages to voice servers one can see
that ASCII strings are prefixed with their length as a 32-bit signed
integer. Simply modifying this to any length in excess of the actual
string's length will cause a denial of service to that voice server by
crashing it. This may be a precursor to a buffer overflow vulnerability, but
it appears not to be exploitable in this way at this time.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- GSC Voice Server Denial of Service Vulnerability Michael J. Gray (Sep 29)
| 
