AOH :: HP Unsorted Z :: BX3821.HTM

ZDaemon 1.08.07 null pointer vuln



NULL pointer in ZDaemon 1.08.07
NULL pointer in ZDaemon 1.08.07




#######################################################################

                             Luigi Auriemma

Application:  ZDaemon
http://www.zdaemon.org 
Versions:     <= 1.08.07
Platforms:    Windows and Linux
Bug:          NULL pointer
Exploitation: remote, versus server (in-game)
Date:         21 Jul 2008
Author:       Luigi Auriemma
e-mail: aluigi@autistici.org 
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

==============1) Introduction
==============

ZDaemon is one of the most played multiplayer ports of the Doom engine
and at the same time one of the most criticized too.


#######################################################################

=====2) Bug
=====

The ZDaemon server is affected by a NULL pointer vulnerability which
allows an attacker to crash it when a specific type of command (type 6)
is used.

The attacker needs to join the server for exploiting this bug so his IP
address must be not banned and he must know the right keyword if the
server is protected with a password.


#######################################################################

==========3) The Code
==========

http://aluigi.org/poc/zdaemonull.zip 


#######################################################################

=====4) Fix
=====

No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org 
http://backup.aluigi.org 
http://mirror.aluigi.org 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.