Lithtech Engine communication handling denial of service
lithtech-engine-communication-dos (18456)
Description:
Lithtech Engine is vulnerable to a denial of service attack. A remote attacker could send a UDP datagram of 0 bytes, or of 8193 to 12280 bytes, to the Lithtech Engine to cause a denial of service.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 6, 2008.
References:
- Altervista Web site: Lithtech engine (new network protocol).
- Full-Disclosure Mailing List, Mon Dec 13 2004 - 12:25:19 CST: Socket unreacheable in the Lithtech engine (new protocol).
- Luigi Auriemma Advisory Web page: ADVISORIES.
- BID-11902: Monolith Lithtech Game Engine Remote Denial Of Service Vulnerability
- CVE-2004-1395: The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not Operation would block.
- SA13446: Lithtech Engine UDP Datagram Denial of Service Vulnerability
- SA17317: F.E.A.R. Lithtech Engine Denial of Service and Format String Vulnerabilities
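An added example, not code from the Lithtech engine or from this advisory: a POSIX C receive loop that treats a zero-byte or oversized datagram as a per-packet event rather than a reason to stop listening, which is the failure mode the CVE-2004-1395 entry describes. The 8192-byte limit, the function names and the local socketpair standing in for a UDP socket (so the block runs offline) are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_PAYLOAD 8192 /* assumed application limit, not taken from the advisory */

struct rx_stats { int handled, empty, oversized; };

/* Drain a datagram socket. Returns 1 to keep listening, 0 only on a real socket error. */
int drain_socket(int fd, struct rx_stats *st)
{
    static char buf[MAX_PAYLOAD + 1]; /* spare byte exposes truncated (oversized) datagrams */
    for (;;) {
        ssize_t n = recvfrom(fd, buf, sizeof buf, MSG_DONTWAIT, NULL, NULL);
        if (n < 0) {
            if (errno == EAGAIN || errno == EWOULDBLOCK) return 1; /* queue empty */
            if (errno == EINTR) continue;                          /* interrupted, retry */
            return 0;                                              /* genuine failure */
        }
        if (n == 0) { st->empty++; continue; }                      /* valid zero-byte datagram */
        if ((size_t)n > MAX_PAYLOAD) { st->oversized++; continue; } /* drop, keep serving */
        st->handled++;                                   /* hand to the protocol parser here */
    }
}

/* Constructed input: three datagrams sent over a local socketpair (offline UDP stand-in). */
int run_demo(struct rx_stats *st)
{
    static char big[9000]; /* constructed size inside the 8193..12280 range */
    int sv[2], keep;
    memset(st, 0, sizeof *st);
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    send(sv[0], "", 0, 0);           /* zero-byte datagram */
    send(sv[0], big, sizeof big, 0); /* oversized datagram */
    send(sv[0], "hello", 5, 0);      /* normal datagram */
    keep = drain_socket(sv[1], st);
    close(sv[0]); close(sv[1]);
    return keep;
}

int main(void)
{
    struct rx_stats st;
    int keep = run_demo(&st);
    printf("keep_listening=%d handled=%d empty=%d oversized=%d\n",
           keep, st.handled, st.empty, st.oversized);
    return keep == 1 ? 0 : 1;
}
```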
Platforms Affected:
- TouchDown Entertainment Lithtech
Reported:
Dec 14, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
