Home / vulnerabilities armynchia.txt
Posted on 04 August 2008
Source : packetstormsecurity.org Link
#######################################################################
Luigi Auriemma
Applications: America's Army
http://www.americasarmy.com
Versions: <= 2.8.3.1
Platforms: Windows (tested), Linux and Mac
Bug: server termination due to failed assertion
Exploitation: remote, versus server
Date: 02 Aug 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
>From Wikipedia:
"America's Army (also known as AA or Army Game Project) is a tactical
multiplayer first-person shooter owned by the United States Government
and released as a global public relations initiative to help with U.S.
Army recruitment."
#######################################################################
======
2) Bug
======
The AA server can be terminated remotely through a specific single
spoofable UDP packet which leads to a failed assertion:
"Assertion failed: VoiceIndex<VOICE_MAX_CHATTERS"
Note: this bug is the same I found and disclosed in Unreal Tournament
2004 some days ago and which affects some other games too (ut2004null).
#######################################################################
===========
3) The Code
===========
http://aluigi.org/poc/armynchia.zip
#######################################################################
======
4) Fix
======
No fix
#######################################################################
---
Luigi Auriemma
http://aluigi.org
http://backup.aluigi.org
http://mirror.aluigi.org