Re: Vulnerability in is Dopewars

[Charles Morris <cmorris () cs odu edu>]

You should have went to a CERT with this, shouldn't vendor
coordination be of urgency here?

On Thu, May 17, 2012 at 12:35 PM, Григорий Братислава
<musntlive () gmail com> wrote:
> Hello Full-Disclosure!! !! !!
>
> Is like to warn you about is vulnerability in Dopewars. I'm is
> discover vulnerability perhaps 10 years ago but is posting now.
>
> Is problem exist when carry more than is 50 cocaines and is Officer
> Hardass (pitifully armed) is kill 2 of is your bitches. Is when this
> happen player is obviously targeted!
>
> Is exploit will happen only when player is in is Brooklyn (not Queens)
> and is has identity given to Officer Hardass!
>
> Proof exist in code:
>
> 8056370:       85 c0                   test   %eax,%eax
> 8056372:       7f dc                   jg     8056350
> <gtk_clist_select_row@plt+0x7da0>
> 8056374:       eb b9                   jmp    805632f
> <gtk_clist_select_row@plt+0x7d7f>
> 8056376:       8d 76 00                lea    0x0(%esi),%esi
> 8056379:       8d bc 27 00 00 00 00    lea    0x0(%edi),%edi
> 8056380:       55                      push   %ebp
> 8056381:       89 e5                   mov    %esp,%ebp
> 8056383:       53                      push   %ebx
> 8056384:       83 ec 14                sub    $0x14,%esp
> 8056387:       8b 5d 0c                mov    0xc(%ebp),%ebx
> 805638a:       c7 44 24 04 00 00 00    movl   $0x46256595(%eip) //
> <------ Is hardcoded proof
>
> perl -e 'printf "Barrett your is bed is ready @ " . "0x" .
> "%02x"x4."\n",70,37,101,149'
>
> Is MusntLive not contact Dopewars developer this year but next when is
> I release new advisory!
>
> (NO IS HAMSTER IS HURT DURING IS MAKING OF IS POST AND IS NO
> LUMBERJACKS IS HARMED ISEVER SEKTIEWHOARE IS EXPOSED)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/