#######################################################################

                             Luigi Auriemma

Application:  Remote admin for Star wars battlefront
              http://www.nolimitclan.com
Versions:     .1 ???
Platforms:    Windows
Bug:          run-time error
Exploitation: remote, versus server
Date:         28 November 2004
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Remote admin for Star wars battlefront (swbfraw32) is a client and
server tool for the remote administration of the Star Wars Battlefront
servers.

This tool doesn't seem to have an official homepage from which
downloading it however it is mirrored by many Star Wars Battlefront
websites.


#######################################################################

======
2) Bug
======


An attacker can stop the swbfraw32 server sending a partial command.
For example he can use the command "Use" followed by the nickname field
but without the needed password field.

Practically the correct command is:

  Use|nickname|password

while the malformed command to stop the server is:

  Use|nickname


#######################################################################

===========
3) The Code
===========


Telnet to the port 8765 of the swbfraw32 server and type:

  Use|boom

The server will become unreachable and will appear a "Run-time error
'9': Subscript out of range" dialog box.


#######################################################################

======
4) Fix
======


No fix.
I have no idea about how to reach the author and if this tool is still
supported.


#######################################################################