[cod] SecurityFocus

Robert Mount rmount at gmail.com
Tue Feb 15 22:14:22 EST 2005


Perhaps Ryan can pass this along to the Activision/IW/GM folks, we
need a "C" patch (for Windows) to fix this ASAP.

I noticed that the linux b patch for CoD (not UO) has made its way to
http://www.callofduty.com/patch or maybe that's old news.

--Rob

On Wed, 16 Feb 2005 12:11:59 +1030, Matthew Keen
<Tali at heavenly-existance.net> wrote:
> Done and (eew) done..
> 
> Just whacked one up quickly, installed patch to 1.5b (Standard COD) and
> started a server with default config, crashed with tool.
> There is a tool you can compile under Linux that will patch the Windows
> exes though, should give it a whirl, not expecting it to work for some
> reason, it being Windows and all.
> 
> Robert Mount wrote:
> 
> >Tested on Linux servers with "b" patch and they are not affected.
> >Tested on a Windows server with "b" patches and they crash with this
> >new test tool.
> >
> >Can someone else with a (I know, I know) Windows box test it out?
> >
> >--Rob
> >
> >
> >On Wed, 16 Feb 2005 10:05:22 +1030, Matthew Keen
> ><Tali at heavenly-existance.net> wrote:
> >
> >
> >> From what I gather, this is a remote exploit, not a local one.
> >>
> >>If you look at the source code of the "testing" tool you will see it
> >>sends UDP packets with 760 -> 2000 bytes of an info string to the server
> >>(sorta like a request for the server info)
> >>
> >>Besides, this happens on servers that one less the 18 character set
> >>commands throughout config, or even using the default config this crash
> >>still occurs with the test tool.
> >>
> >>Ian mu wrote:
> >>
> >>
> >>
> >>>I've seen that problem where people have long sets commands which
> >>>often looks like an exploit...i.e
> >>>
> >>>sets admin "admin at blah.blah, someoneelse at blah.blah, someoneelse at blah.blah"
> >>>
> >>>etc
> >>>
> >>>If people cut the size of those down the problem typically goes away.
> >>>If it's left too long (not sure exactly "what" too long is though) it
> >>>can cause intermittent crashes. So I'd suggest keeping sets commands
> >>>not too long.
> >>>
> >>>Would be better to keep it capped though to stop it happening in the
> >>>first place (if that is the issue)
> >>>
> >>>ian
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> 
>