Rigs of Rods Sequencer::queueMessage() buffer overflow

rigsofrods-queuemessage-bo (38549) The risk level is classified as LowLow Risk

Description:

Rigs of Rods is vulnerable to a buffer overflow, caused by improper bounds checking of the MSG2_USE_VEHICLE parameter by Sequencer::queueMessage() function. By joining a game server with an overly long vehicle name, a remote attacker could overflow a buffer and cause the server to crash.

Platforms Affected:

  • Rigs of Rods, Rigs of Rods 0.33d

Remedy:

Upgrade to the latest version of Rigs of Rods (0.33d-SP1 or later), available from the Rigs of Rods Web site. See References.

Consequences:

Denial of Service

References:

  • Luigi Auriemma Advisory 19 Nov 2007, Static buffer overflow in Rigs of Rods 0.33d at http://aluigi.altervista.org/adv/rorbof-adv.txt.
  • Rigs of Rods Repository Web site, Rigs of Rods Repository at http://repository.rigsofrods.com/.
  • Rigs of Rods Web site, Rigs of Rods at http://www.rigsofrods.com/.
  • BID-26502: Rigs of Rods Long Vehicle Name Buffer Overflow Vulnerability
  • CVE-2007-6041: Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by sending a nickname, then a vehicle name in a MSG2_USE_VEHICLE message, in which the combined length triggers the overflow.
  • FrSIRT/ADV-2007-3938: Rigs Of Rods Sequencer::queueMessage() Denial of Service Issue
  • SA27729: Rigs Of Rods Denial of Service Vulnerability

Reported:

Nov 19, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page