"Chris Eagle" firstname.lastname@example.org
Naval Postgraduate School (EAGLE)
An interactive guessing game in which players guess one letter at a time in a attempt to guess a randomly selected word before making too many incorrect guesses.
This service contains two vulnerabilities. Both vulnerabilities are present in the getHighScore function. A player must win the game in order to gain access to the vulnerable code. The first vulnerability is a buffer overflow while reading the player's name at line 73 of service.c. The second vulnerability is a format string vulnerability while printing the player's name at line 88 of service.c.
Stack based buffer overflow Format string vulnerability
This CB requires a CRS to implement a game playing strategy for hangman with a randomly selected word. The entire word list is known to the CRS. A CRS must win the game in order to have a chance to reach the vulnerable code. Three PoVs are provided. pov_3 exercises the stack overflow and negotiates a type 1 pov. pov_2 exercises the format string vulnerability and negotiates a type 2 pov. pov_1 performs a coin flip to randomly choose whether to exercises the stack overflow and do a type 1 or exercises the format string vulnerability and do a type 2. pov_1 demonstrates that a single PoV may be capable of choosing one of several possible vulnerabilities to prove. Additionally it should be noted that the current implementation of the PoVs for the format string vulnerability are subject to occasional failure depending on the distribution of null bytes in the secret data page. This potential for failure might motivate a CRS to chose to throw a PoV several times within a single round to increase the probability that a vulnerability is proved at least once.
Curated by Lunge Technology, LLC. Questions or comments? Send us email