CVE-2004-0238 - 0verkill Game Client Multiple Local Buffer Overflow Vulnerabilities

Publication

2004-11-23

Last modification

2017-07-11

Summary

Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.

Description

The 0verkill game client has been reported prone to multiple instances of exploitable buffer overrun vulnerabilities. The functions that have been reported to be affected are load_cfg(), save_cfg() and send_message(). It has been reported that due to a lack of sufficient boundary checks performed on user supplied data, an attacker may exploit the issues to execute arbitrary instructions in the security context of the Overkill game client.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: info@vumetric.com <mailto:info@vumetric.com>.

Exploit

The following proof of concept exploit has been supplied for Linux based systems. /data/vulnerabilities/exploits/0verkill-exploit.c

Risk level (CVSS AV:L/AC:L/Au:N/C:C/I:C/A:C)

High

7.2

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
0Verkill 0Verkill  0.16