[cod] Linux CoD-UO server crashing with exploit warning

Mark J. DeFilippis defilm at acm.org
Thu May 12 07:26:17 EDT 2005 

Hum... I have a code chunk that is an overflow issue that I have been 
meaning to test for about 2 months now and I have not had the time.  U 
really don't need the code chunk, any user can enter the command from 
console and crash a server according to the post I picked the info up from 
on a reliable anti-cheat server.

I didn't test it right away because I thought the current linux server was 
patched against those buffer type problems at this point and it was old 
info.  If Steve went back to 1.51, I had better check it out.

Problem is 1.51 is required for most competition ladders, and there are 
ways a user can get around you disabling their console ability.

The one I am looking at is Linux server specific.  No patch on this???  My, 
my it is a'
conditional check, where most code problems exist... boundary checking,..

Wonder if we saw the last patch due to the fact that everyone is busy with 
COD II.
Ryan has coded a bunch of Linux engine servers these days.  Only so much of him
to go around.  I just wonder if it had been found earlier, I bet it would 
have been
patched in 1.51b, as this does not seem like a complex  fix at all compared
to some of the code changes for the map traversal.... Man, do I remember that
time like it was yesterday.

Dr. D

At 07:01 PM 5/11/2005, you wrote:
>We reverted back 1.51 and its seems much more stable :(
>
>    Steve / K
>----- Original Message ----- From: "frenton" <frenton at orcon.net.nz>
>
>
>>Thats why i disabled the console COMPLETELY! no really need for that here.
>
>
>
>================================================
>This e.mail is private and confidential between Multiplay (UK) Ltd. and 
>the person or entity to whom it is addressed. In the event of 
>misdirection, the recipient is prohibited from using, copying, printing or 
>otherwise disseminating it or any information contained in it.
>In the event of misdirection, illegible or incomplete transmission please 
>telephone (023) 8024 3137
>or return the E.mail to postmaster at multiplay.co.uk.

S1,-------------------------------------------------------------------------------
Mark J. DeFilippis, Ph. D EE          defilm at acm.org
                                       defilm at ieee.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20050512/48d514a5/attachment.htm>

More information about the Cod mailing list