Title: America's Army Multiple Vulnerabilities
Severity: MODERATE
Description:
America's Army is a multiplayer first-person-shooter game available for various operating systems.
America's Army is prone to multiple vulnerabilities:
1. A denial-of-service issue occurs when handling multiple players joining the server. Attackers could exploit the issue by sending multiple specially crafted packets to UDP port 8777.
2. A denial-of-service issue presents itself when handling queries. Attackers may exploit this to cause the server to continuously send error messages. Attackers can exploit this issue by sending a specially crafted packet to UDP port 39300.
3. A NULL-pointer dereference vulnerability occurs when handling queries with certain data types ('0x07'). Attackers can exploit this issue to cause denial-of-service conditions by sending a specially crafted packet to UDP port 39300.
4. An access-violation vulnerability occurs when processing certain string size values. Attackers can exploit this issue by sending a specially crafted packet with a negative string size to UDP port 39300.
5. A denial-of-service vulnerability occurs when processing specially crafted packets with negative fragment numbers. Attackers can exploit this issue by sending specially crafted packets to UDP port 39300.
Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect America's Army 3.0.5 and prior versions.
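Issues 4 and 5 both involve a negative value in a size or index field. A common way this goes wrong is a signed field that is checked only against an upper bound. The following C code is an added example, not code from America's Army or from the referenced advisories; the wire layout (a 4-byte little-endian signed size followed by the string bytes), the limits and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR   64   /* assumed per-field limit */
#define MAX_FRAGS 16   /* assumed number of reassembly slots */

/* Read a little-endian 32-bit field and interpret it as signed. */
static int32_t rd_i32(const uint8_t *p) {
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Flawed check, for contrast: only the upper bound is tested,
   so any negative size is accepted. */
int size_ok_flawed(int32_t size) { return size <= MAX_STR; }

/* Hardened parse of a length-prefixed string.
   Returns the number of bytes consumed, or -1 if the field is rejected. */
int parse_string(const uint8_t *buf, size_t len, char *out, size_t outcap) {
    if (len < 4) return -1;                       /* no room for the size field */
    int32_t size = rd_i32(buf);
    if (size < 0 || size > MAX_STR) return -1;    /* negative or oversized */
    if ((size_t)size > len - 4) return -1;        /* longer than the datagram */
    if ((size_t)size + 1 > outcap) return -1;     /* would overflow destination */
    memcpy(out, buf + 4, (size_t)size);
    out[size] = '\0';
    return 4 + (int)size;
}

/* A fragment number must be range-checked on both sides before indexing. */
int frag_index_ok(int32_t frag) { return frag >= 0 && frag < MAX_FRAGS; }

int main(void) {
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t good[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
    const uint8_t neg[]  = { 0xff, 0xff, 0xff, 0xff, 'a' };   /* size = -1 */
    char out[MAX_STR + 1];
    printf("good: %d\n", parse_string(good, sizeof good, out, sizeof out));
    printf("neg flawed check: %d\n", size_ok_flawed(rd_i32(neg)));
    printf("neg hardened: %d\n", parse_string(neg, sizeof neg, out, sizeof out));
    printf("frag -1 ok: %d\n", frag_index_ok(-1));
    return 0;
}
```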
Affected Products:
- America's Army America's Army 3.0.5
References:
- America's Army: America's Army Homepage
- Luigi Auriemma: America's Army 3 NULL pointer and access violations
- Luigi Auriemma: America's Army 3 negative memset overflow
- Luigi Auriemma: America's Army 3 packets loop
- Luigi Auriemma: America's Army 3 resources consumption and crash
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.