[cod] [Fwd: [Full-Disclosure] Broadcast shutdown in Call of Duty 1.4]

Boco loneboco at gmail.com
Tue Sep 7 21:36:46 EDT 2004


I doubt it.  Unless there is somebody who knows how to hex-edit
CoDMP.exe and can duplicate Luigi's fix.  He gave a list of all the
hex addresses he changed in CoDMP.exe, so if somebody with knowledge
of disassembly can find out exactly what his changes do, and
duplicate those changes for CoD 1.1, I doubt a patch will be released.


On Tue, 07 Sep 2004 20:17:02 -0400, John Kennington
<gadruid at bellsouth.net> wrote:
> 
> 
> Christopher Kunz wrote:
> 
> > Hi everybody,
> >
> > just a quick "heads up" that Luigi has posted the CoD crashbug to
> > Bugtraq yesterday, so if you didn't get around to patching your
> > servers, you know what to do tonight ;)
> >
> > --ck
> >
> > ------------------------------------------------------------------------
> >
> > Subject:
> > [Full-Disclosure] Broadcast shutdown in Call of Duty 1.4
> 
> 
> > From:
> > Luigi Auriemma <aluigi at autistici.org>
> > Date:
> > Sun, 5 Sep 2004 17:02:06 +0000
> > To:
> > bugtraq at securityfocus.com, bugs at securitytracker.com,
> > news at securiteam.com, full-disclosure at lists.netsys.com
> >
> >
> >#######################################################################
> >
> >                             Luigi Auriemma
> >
> >Application:  Call of Duty
> >              http://www.callofduty.com
> >Versions:     <= 1.4
> >Platforms:    Windows and Linux
> >Bug:          Denial of Service
> >Risk:         high
> >Exploitation: remote, versus servers and clients (broadcast)
> >Date:         05 September 2004
> >Author:       Luigi Auriemma
> >              e-mail: aluigi at altervista.org
> >              web:    http://aluigi.altervista.org
> >
> >
> >#######################################################################
> >
> >
> >1) Introduction
> >2) Bug
> >3) The Code
> >4) Fix
> >
> >
> >#######################################################################
> >
> >===============
> >1) Introduction
> >===============
> >
> >
> >Call of Duty is the famous military FPS game developed by Infinity Ward
> >(http://www.infinityward.com) and released in October 2003.
> >
> >An interesting note is that this security bug was already known by some
> >people since the release of my recent Medal of Honor buffer-overflow
> >(17 July 2004), in fact the same proof-of-concept works perfectly with
> >Call of Duty too.
> >
> >
> >#######################################################################
> >
> >======
> >2) Bug
> >======
> >
> >
> >The game uses some anti-buffer-overflow checks that automatically
> >shut down the game if they find a too big input.
> >
> >The result is that a query or a reply containing over 1024 chars is
> >able to exploit this protection causing the immediate stop of the game.
> >
> >Both servers and clients are vulnerable and the major problem is just
> >for clients because a single malicious server is able to passively stop
> >any client in the world so nobody can play online.
> >
> >
> >#######################################################################
> >
> >===========
> >3) The Code
> >===========
> >
> >
> >http://aluigi.altervista.org/poc/codboom.zip
> >
> >
> >#######################################################################
> >
> >======
> >4) Fix
> >======
> >
> >
> >Only the official patch for the Linux version is available (since some
> >weeks) and can be downloaded here:
> >
> >  http://www.icculus.org/betas/cod/
> >
> >The Windows patch is not available and "probably" will be released at
> >the end of September.
> >
> >In the meantime I have written an unofficial fix just for the 1.4 Win32
> >version of the game and it is able to patch both clients and servers
> >because the function is the same:
> >
> >  http://aluigi.altervista.org/patches/cod-14-fix.zip
> >
> >
> >#######################################################################
> >
> >
> >---
> >Luigi Auriemma
> >http://aluigi.altervista.org
> >
> Will there be a patch for 1.1?  We got this last night:
> 
> ********************
> ERROR: Info string length exceeded
> key: 'protocol'
> value: '1'
> Info string:
> \challenge\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> 
> ********************
> ----- Server Shutdown -----
> Sending heartbeat to codmaster.activision.com
> Sending heartbeat to master0.gamespy.com
> ==== ShutdownGame ====
> ---------------------------
> 
> --
> ____________________
> John Kennington
> "....waiting on the pier 'till Charon comes...."
> 
>
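
Added example, not part of the original thread and not the game's own code: a C sketch of the failure mode the advisory describes, where a correct length check ends in a fatal shutdown, next to a variant that drops the packet and keeps serving. The function names and the `running` flag are hypothetical; only the 1024 limit and the `protocol`/`1` key and value come from the messages above.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INFO_STRING 1024   /* the limit named in the advisory */

static int running = 1;        /* stands in for the whole game process */

/* Pattern the advisory describes: the bound is checked, but the failure
 * path is a fatal error, so one oversize packet stops the process. */
static void info_set_fatal(char *info, const char *key, const char *val)
{
    size_t used = strlen(info);
    if (used + strlen(key) + strlen(val) + 2 >= MAX_INFO_STRING) {
        running = 0;           /* "Info string length exceeded" */
        return;
    }
    snprintf(info + used, MAX_INFO_STRING - used, "\\%s\\%s", key, val);
}

/* Hardened variant: same bound, but the error goes back to the caller. */
static int info_set_checked(char *info, const char *key, const char *val)
{
    size_t used = strlen(info);
    if (used + strlen(key) + strlen(val) + 2 >= MAX_INFO_STRING)
        return -1;
    snprintf(info + used, MAX_INFO_STRING - used, "\\%s\\%s", key, val);
    return 0;
}

/* Handlers for one untrusted packet: return 1 if processed, 0 if not. */
int handle_fatal(const char *pkt, size_t len)
{
    char info[MAX_INFO_STRING];
    if (len >= sizeof info) { running = 0; return 0; }
    memcpy(info, pkt, len);
    info[len] = '\0';
    info_set_fatal(info, "protocol", "1");
    return running;
}

int handle_checked(const char *pkt, size_t len)
{
    char info[MAX_INFO_STRING];
    if (len >= sizeof info) return 0;            /* drop, keep serving */
    memcpy(info, pkt, len);
    info[len] = '\0';
    return info_set_checked(info, "protocol", "1") == 0;
}
```

The point for a server operator is that the bounds check itself was never the problem: input validation on network data should end in a dropped packet and a log line, not in process exit.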


