####################################################################### Luigi Auriemma Application: Serious engine http://www.seriousengine.com Games: all the games based on this engine and using the UDP protocol: - Alpha Black Zero - Nitro family - Serious Sam Second Encounter 1.07 Platforms: Windows, Linux and Mac Bug: crash Exploitation: remote, versus server Date: 28 November 2004 (and 29 Sep 2004) Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== The Serious engine is a well known game engine developed by Croteam (http://www.croteam.com) and used by some games. ####################################################################### ====== 2) Bug ====== The bug affects the games based on the Serious engine using the UDP protocol (those using TCP are immune). The problem is that the server doesn't limit the amount of new players, so it crashs when too much (fake) players try to join. Is needed only one packet to create a fake player and the bug can be exploited also versus servers protected by password "without" knowing the keyword. ####################################################################### =========== 3) The Code =========== http://aluigi.org/fakep/ssfakep.zip ####################################################################### ====== 4) Fix ====== No fix. #######################################################################