[cod] SecurityFocus

Robert Mount rmount at gmail.com
Tue Feb 15 20:19:14 EST 2005


Tested on Linux servers with "b" patch and they are not affected.
Tested on a Windows server with "b" patches and they crash with this
new test tool.

Can someone else with a (I know, I know) Windows box test it out?

--Rob


On Wed, 16 Feb 2005 10:05:22 +1030, Matthew Keen
<Tali at heavenly-existance.net> wrote:
> From what I gather, this is a remote exploit, not a local one.
> 
> If you look at the source code of the "testing" tool you will see it
> sends UDP packets with 760 -> 2000 bytes of an info string to the server
> (sorta like a request for the server info)
> 
> Besides, this happens on servers that one less than 18 character set
> commands throughout config, or even using the default config this crash
> still occurs with the test tool.
> 
> Ian mu wrote:
> 
> >I've seen that problem where people have long sets commands which
> >often looks like an exploit...i.e
> >
> >sets admin "admin at blah.blah, someoneelse at blah.blah, someoneelse at blah.blah"
> >
> >etc
> >
> >If people cut the size of those down the problem typically goes away.
> >If it's left too long (not sure exactly "what" too long is though) it
> >can cause intermittent crashes. So I'd suggest keeping sets commands
> >not too long.
> >
> >Would be better to keep it capped though to stop it happening in the
> >first place (if that is the issue)
> >
> >ian
> >
> >
> 
>


