Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:00

All times are UTC [ DST ]
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ]
 Post subject: First vulnerability in the Doom 3 engine
Posted: 01 Oct 2007 18:47

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
A format string exploitable from outside the server of games like Doom 3, Quake 4 and Prey:

http://aluigi.org/adv/d3engfspb-adv.txt

There is also a video available here:

http://aluigi.org/video.htm
http://www.youtube.com/watch?v=SvzGqFlNZOo


Last edited by aluigi on 02 Oct 2007 12:24, edited 1 time in total.

Posted: 02 Oct 2007 11:14

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Nice discovery... so basically it's something like a buffer overflow?
I don't have any of those games anymore...


Posted: 02 Oct 2007 11:38

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
A format string allows code execution, so although it's different from a buffer overflow (aaaaaaa...aaaa), it has the same final effect.
In C there are the functions of the *printf family in which you can specify a string (called the format argument or format string) that is used to show numbers in hex format, or in decimal format, or parts of text strings and so on: %s %n %f %c %d %u %o and so on.
When this format argument is missing, the user-supplied string is used as the format, allowing the attacker to take control of the stack.


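The mistake described in the reply above, shown as an added C example that is not part of the thread or of the Doom 3 engine code: the vulnerable pattern (untrusted text passed directly as the *printf format) is kept in a comment, the hardened form uses a constant format and passes the text as a `%s` argument, and a small hypothetical helper `count_format_directives` reports how many conversions an input string would trigger if it were ever used as a format, which is useful as an audit or fuzzing check. The sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Counts conversion directives ('%' not followed by another '%') in a
 * string. A non-zero result for data that came from the network means
 * passing that data as a *printf format argument would let the sender
 * control the conversions. Hypothetical helper, not from the advisory. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* VULNERABLE pattern, kept as a comment so it is never compiled or run:
 *     void log_msg_bad(const char *untrusted) { printf(untrusted); }
 * The missing format argument turns the untrusted text into the format
 * string, which is exactly the bug class the advisory describes. */

/* Hardened form: the format is a compile-time constant and the untrusted
 * text is only ever the %s argument, so any '%' in it is plain data.
 * Returns the length snprintf would have written, like snprintf itself. */
int log_msg_safe(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "msg: %s", untrusted);
}

int main(void)
{
    char line[128];
    const char *sample = "player%x%x joined";  /* constructed sample input */
    printf("directives in input: %d\n", count_format_directives(sample));
    log_msg_safe(line, sizeof line, sample);
    puts(line);  /* the %x sequences come out verbatim, never interpreted */
    return 0;
}
```

Building with `-Wformat-security` (GCC and Clang) makes the compiler flag the commented-out pattern if it is ever reintroduced, which is the cheapest regression check for this bug class.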