[cod] SecurityFocus
Matthew Keen
Tali at heavenly-existance.net
Tue Feb 15 18:35:22 EST 2005
From what I gather, this is a remote exploit, not an local one.
If you look at the source code of the "testing" tool you will see it
send UDP packets with 760 -> 2000bytes of an info string to the server
(sorta like a rquest for the server info)
Besides, this happens on servers that one less the 18 character set
commadns htruout config, or even using the default config this crash
still occurs with the test tool.
Ian mu wrote:
>I've seen that problem where people have long sets commands which
>often looks like an exploit...i.e
>
>sets admin "admin at blah.blah, someoneelse at blah.blah, someoneelse at blah.blah"
>
>etc
>
>If people cut the size of those down the problem typically goes away.
>If its left too long (not sure exactly "what" too long is though) it
>can cause intermittent crashes. So I'd suggest keeping sets commands
>not too long.
>
>Would be better to keep it capped though to stop it happening in the
>first place (if that is the issue)
>
>ian
>
>
More information about the Cod
mailing list