Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20052
HistoryJun 16, 2008 - 12:00 a.m.

Denial of Service in S.T.A.L.K.E.R. 1.0006

2008-06-1600:00:00
vulners.com
6
JSON

#######################################################################

                         Luigi Auriemma

Application: S.T.A.L.K.E.R.: Shadow of Chernobyl
http://www.stalker-game.com
Versions: <= 1.0006
Platforms: Windows
Bug: Denial of Service
Exploitation: remote
Date: 15 Jun 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

S.T.A.L.K.E.R. is a FPS game developed by GSC Game World
(http://www.gsc-game.com) and released at the beginning of the 2007
(the Clear Sky sequel is planned for the next months).

#######################################################################

======
2) Bug

The server of this game can be easily terminated remotely through the
usage of a nickname longer than 64 bytes which will reaise an
exception.
If the server is protected by password the attacker must know the right
keyword to exploit the vulnerability.
Although the server supports the banning of the IP addresses is
possible to spoof packets and bypassing this limitation due to the lack
of handshakes in the protocol of the game.

#######################################################################

===========
3) The Code

http://aluigi.org/poc/stalkerboom.zip

#######################################################################

======
4) Fix

No fix

#######################################################################

Luigi Auriemma
http://aluigi.org

JSON