[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] GSC Voice Server Denial of Service Vulnerability

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] GSC Voice Server Denial of Service Vulnerability
From: "Michael J. Gray" <mooseous@xxxxxxxxx>
Date: Thu, 29 Sep 2011 03:22:21 -0700

Product: GSC (Game Servers Client)

Version: 2.00 Build 3017

Website: http://getgsc.com

 

By inspecting the network traffic of messages to voice servers one can see
that ASCII strings are prefixed with their length as a 32-bit signed
integer. Simply modifying this to any length in excess of the actual
string's length will cause a denial of service to that voice server by
crashing it. This may be a precursor to a buffer overflow vulnerability, but
it appears not to be exploitable in this way at this time.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] GSC Chat Server Authentication Bypass
Next by Date: Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
Previous by thread: [Full-disclosure] GSC Chat Server Authentication Bypass
Next by thread: [Full-disclosure] [SECURITY] [DSA 2312-1] iceape security update
Index(es):
- Date
- Thread