Lithtech engine Memory Corruption Vulnerability

vendor:

Lithtech engine

by:

Luigi Auriemma

7,5

CVSS

HIGH

Memory Corruption

119

CWE

Product Name: Lithtech engine

Affected Version From: F.E.A.R. <= 1.08, F.E.A.R. 2 Project Origin <= 1.05

Affected Version To: F.E.A.R. <= 1.08, F.E.A.R. 2 Project Origin <= 1.05

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows and Mac

2010

Lithtech engine Memory Corruption Vulnerability

Through a malformed packet is possible to corrupt the memory of the game with effects that seem to suggest the possibility for an attacker to do something more than the crashing of the server. Indeed the problem affects some function pointers so it's not exclude the possibility to execute arbitrary code.

Mitigation:

Ensure that all user input is validated and sanitized before being used in the application.

Source

Exploit-DB raw data:

# Original Advisory: http://aluigi.org/adv/fearless-adv.txt
#
#######################################################################

                             Luigi Auriemma

Application:  Lithtech engine
              http://www.lithtech.com
Games:        any game should be affected, refer to
              http://en.wikipedia.org/wiki/Lithtech#Lithtech_implementations
              those personally tested by me are:
                F.E.A.R.                                        <= 1.08
                F.E.A.R. 2 Project Origin                       <= 1.05
                  http://www.whatisfear.com
Platforms:    Windows and Mac
Bug:          memory corruption
Exploitation: remote, versus server
Date:         20 Jul 2010
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Lithtech is the well known game engine developed by Monolith and used
in various famous games like Alien vs Predator 2, No One Lives Forever
and the F.E.A.R. series.
Currently the first episode of F.E.A.R. is the most played online of
the games based on the Lithtech engine.


#######################################################################

======
2) Bug
======


I premise that I haven't performed a deep research on the vulnerability
and I have focused my tests mainly on F.E.A.R. although after a quick
test has been confirmed the same/similar problem on other games that
use protocol 2 of the Lithtech engine like No One Lives Forever 2.

Through a malformed packet is possible to corrupt the memory of the
game with effects that seem to suggest the possibility for an attacker
to do something more than the crashing of the server.
Indeed the problem affects some function pointers so it's not excluded
the possibility to have a certain control over them and the code flow
remotely.

No other technical details are available at the moment.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/fearless.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14424.zip (fearless.zip)

tuned to work with the F.E.A.R. series, so Project Origin included.


#######################################################################

======
4) Fix
======


No fix.


#######################################################################