A denial of service flaw exists in Battle Carry versions .005 and below. A packet bigger than 8192 bytes causes a socket error in the Python code used to handle the server which immediately terminates the socket and interrupts the listening on the UDP port where has been received the packet.
dd19b491411de098999e9bd19c17cd529e108a99d9ab332c8aca828a21660070
#######################################################################
Luigi Auriemma
Application: Battle Carry
https://www.battlecarry.com
Versions: <= .005
Platforms: Windows
Bug: socket termination
Exploitation: remote, versus server
Date: 02 Nov 2005
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: https://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Battle Carry is a tank war game developed by AFSL Games
(https://www.afslgames.com) and released in October 2005.
#######################################################################
======
2) Bug
======
A packet bigger than 8192 bytes causes a socket error in the Python
code used to handle the server which immediately terminates the socket
and interrupts the listening on the UDP port where has been received
the packet.
#######################################################################
===========
3) The Code
===========
https://aluigi.altervista.org/poc/bcarrydos.zip
#######################################################################
======
4) Fix
======
No fix.
Developers have been contacted but after the only mail I received I
have no longer heard them so I don't know when and if a patch will be
released.
#######################################################################
---
Luigi Auriemma
https://aluigi.altervista.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed