#######################################################################

                             Luigi Auriemma

Application:  Ground Control II: Operation Exodus
              http://www.groundcontrol2.com
Versions:     <= 1.0.0.7
Platforms:    Windows
Bug:          forced exit (DoS)
Exploitation: remote, versus servers and clients (broadcast)
Date:         26 August 2004
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Ground Control II is a futuristic strategy game developed by Massive
Entertainment (http://www.massive.se) and published by Sierra
(http://www.sierra.com).
It was released in June 2004.


#######################################################################

======
2) Bug
======


The problem is very simple: the game automatically exits if it receives
a packet bigger than the max supported size (usually 512 bytes), because
some instructions check for the socket error "Message too long" and
consider it critical.

Both servers and clients are vulnerable. The major problem is for
clients, because a single malicious server is able to automatically (or
also directly) crash any client in the world, so nobody can play online.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/gc2boom.zip


#######################################################################

======
4) Fix
======


The official online Massive Entertainment servers have been fixed but
no official patch has been released yet.
The bug is very easy to fix so I have created an unofficial patch for
the dedicated server 1.0.0.7 and the demo 0.0.8.1 (the retail game uses
CD protections so I don't support it):

  http://aluigi.org/patches/gc2ds-1007-fix.zip
  http://aluigi.org/patches/gc2-demo0081-fix.zip


#######################################################################
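
Added example, not code from this advisory, from the game or from the unofficial patches: a receive routine that treats the "Message too long" condition described in section 2 as a packet to drop instead of a critical error. It assumes POSIX sockets, where truncation is reported through MSG_TRUNC (on Winsock the same condition is recvfrom failing with WSAEMSGSIZE); rx_one, classify_len and MAX_PKT are hypothetical names, and a local datagram socketpair stands in for the UDP socket.

```c
/* Added example: oversized datagrams are dropped, never treated as fatal. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_PKT 512 /* largest datagram accepted; the advisory's "usually 512 bytes" */

enum rx { RX_OK, RX_DROP_OVERSIZE, RX_RETRY, RX_FATAL };

/* Receive one datagram. An oversized one is a verdict to act on (drop and
 * keep serving), never a reason to exit: its size is chosen by the sender. */
enum rx rx_one(int s, unsigned char *buf, size_t cap, ssize_t *len)
{
    struct iovec iov = { buf, cap };
    struct msghdr m;
    memset(&m, 0, sizeof m);
    m.msg_iov = &iov;
    m.msg_iovlen = 1;
    *len = recvmsg(s, &m, 0);
    if (*len < 0) {
        if (errno == EMSGSIZE)            /* "Message too long" */
            return RX_DROP_OVERSIZE;
        if (errno == EINTR || errno == EAGAIN)
            return RX_RETRY;
        return RX_FATAL;                  /* genuine local socket failure */
    }
    /* POSIX reports truncation via MSG_TRUNC rather than an error code. */
    return (m.msg_flags & MSG_TRUNC) ? RX_DROP_OVERSIZE : RX_OK;
}

/* Constructed check: push one n-byte datagram through a local datagram
 * socketpair (standing in for the game's UDP socket) and classify it. */
int classify_len(size_t n)
{
    unsigned char out[2048] = { 0 }, in[MAX_PKT];
    ssize_t got;
    int sv[2], r = -1;
    if (n > sizeof out || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    if (send(sv[0], out, n, 0) == (ssize_t)n)
        r = rx_one(sv[1], in, sizeof in, &got);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void) { return classify_len(600) == RX_DROP_OVERSIZE ? 0 : 1; }
```

A caller loops on rx_one and exits only on RX_FATAL; RX_DROP_OVERSIZE is worth counting per source address so that a flood of oversized packets shows up in monitoring.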