#######################################################################

                             Luigi Auriemma

Application:  Bontago
              http://www.bontago.com
Versions:     <= 1.1
Platforms:    Windows
Bug:          buffer-overflow
Exploitation: remote, versus server
Date:         18 Feb 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Bontago is a nice and original strategy game developed by the DigiPen
Institute of Technology (http://www.digipen.edu).

Currently the game doesn't use master servers (BontagoNet will be
introduced in the next versions), so the vulnerability is not very
critical because the attacker must know the server's IP address or be
on the same LAN/WAN.


#######################################################################

======
2) Bug
======


The game server is affected by a buffer-overflow that an attacker can
trigger by sending a nickname longer than 512 bytes, with the
possibility of executing malicious code on the victim.

Note: in the beta version 1.2b1 the server crashes due to the access to
wrong memory zones but I wasn't able to replicate the cause of the
buffer-overflow.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/bontagobof.zip


#######################################################################

======
4) Fix
======


No fix.
I have received no reply from the developers.


#######################################################################
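
The server-side check that prevents this class of bug, as an added example (not Bontago's code and not part of the original advisory): the nickname is length-validated against the destination buffer before anything is copied. The NUL-terminated payload layout, the function and enum names, and the use of 512 as the buffer size are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NICK_BUF 512  /* assumed buffer size, from the advisory's 512-byte figure */

enum nick_status { NICK_OK, NICK_EMPTY, NICK_TOO_LONG, NICK_UNTERMINATED, NICK_BAD_BYTE };

/* Validate a NUL-terminated nickname in an untrusted payload (assumed layout)
 * and copy it into dst. dst is written only if every check passes. */
enum nick_status copy_nickname(char dst[NICK_BUF], const uint8_t *payload, size_t payload_len)
{
    if (payload == NULL || payload_len == 0)
        return NICK_EMPTY;

    /* Look for the terminator only within the bytes actually received. */
    const uint8_t *end = memchr(payload, '\0', payload_len);
    if (end == NULL)
        return NICK_UNTERMINATED;

    size_t len = (size_t)(end - payload);
    if (len == 0)
        return NICK_EMPTY;
    if (len >= NICK_BUF)  /* len bytes plus the NUL must fit in dst */
        return NICK_TOO_LONG;

    /* Reject control bytes so the name is safe to log and display. */
    for (size_t i = 0; i < len; i++)
        if (payload[i] < 0x20 || payload[i] == 0x7f)
            return NICK_BAD_BYTE;

    memcpy(dst, payload, len);
    dst[len] = '\0';
    return NICK_OK;
}

int main(void)
{
    /* Constructed inputs: a normal name and an oversized field of filler bytes. */
    char nick[NICK_BUF];
    uint8_t big[600];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("normal: %d\n", copy_nickname(nick, (const uint8_t *)"player1", 8));
    printf("oversized: %d\n", copy_nickname(nick, big, sizeof big));
    return 0;
}
```

A server would drop the connection or reply with an error on any status other than NICK_OK, and logging the rejected length gives operators a signal that oversized nicknames are being sent.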