Luigi Auriemma has reported some vulnerabilities in Live for Speed, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) A boundary error in the processing of network packets with an "ID" of 3 can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet containing an overly long nickname (over 24 bytes).

Successful exploitation allows execution of arbitrary code but requires valid credentials if the server is password protected.

2) A boundary error in the processing network packets with an "ID" of 10 can be exploited to cause a buffer overflow by sending a specially crafted packet requesting an overly long track name, inexistent on the server.

Successful exploitation requires valid credentials if the server is password protected.

3) An error in the processing of pre-login packets with an "ID" of 3 can be exploited to cause a DoS by sending a specially crafted packet containing a 0 byte at offset 23.

4) An error in the processing of pre-login packets with an "ID" of 5 can be exploited to cause a DoS by sending a specially crafted packet to the vulnerable server.

NOTE: Vulnerabilities #3 and #4 don't affect Demo and LAN servers.

The vulnerabilities are reported in versions prior to 0.5X10. Other versions may also be affected.

Solution
Fixed in version 0.5X12 of the dedicated server.
Further details available in Customer Area

Provided and/or discovered by
Luigi Auriemma

Changelog
Further details available in Customer Area

Original Advisory
http://aluigi.altervista.org/adv/lfsbof-adv.txt

Deep Links
Links available in Customer Area