[cod] Cod WW: 1024 bytes Command Exploit

Jumping Jack Flash jumping.cod at gmail.com
Sat Jan 24 18:16:21 EST 2009


There is a solution. On some servers it doesn't work. That is why we must find
out how to protect our servers, and this exploit is very old, from cod2... it's
nothing new...

2009/1/24 Hannu Kumpeli <hannu at shadowstyle.nl>

> Thx for the info hope this will be fixed in the new patch.
>
> > Hi guys, every day my cod5 server falls down because of this error:
> > Attempted to overrun string in call to va()
> > I've found some information about it:
> >
> > "va() is a function of the Quake 3 engine used to quickly build strings
> > using snprintf and a static destination buffer.
> > If the generated string is longer than the available buffer the server
> > shows an "Attempted to overrun string in call to va()" error and
> > terminates.
> > From Call of Duty 2 (and consequently) the size of this buffer has
> > been reduced from the original 32000 bytes to only 1024 causing many
> > problems to the admins.
> >
> > So in CoD5 an attacker which has joined the server can exploit this
> > vulnerability through the sending of a command longer than 1024 bytes
> > causing the immediate termination of the server."
> >
> > I tried it, and it works. If you send this command to the server, it will
> > crash:
> >
> >
> > I tested it on different servers; on some it worked, on others it
> > didn't... Does anybody know a solution for this exploit?
> >
> > Thanks, and sorry for my English :P
> >
> > JuMp!nG
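
The behaviour described in the quoted advisory, next to a length guard of the kind the thread asks for, as an added example that is not code from this post or from the game engine. `va_model`, `handle_unguarded`, `handle_guarded`, `LOG_PREFIX` and the `fatal_errors` counter are hypothetical stand-ins; only the 1024-byte size and the error text come from the post.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUF_SIZE 1024              /* size the quoted advisory gives for CoD2 and later */
#define LOG_PREFIX  "clientCommand: " /* hypothetical text the server adds around the command */
#define MAX_CMD_LEN (VA_BUF_SIZE - sizeof(LOG_PREFIX)) /* longest command that still fits */

static int fatal_errors; /* stands in for the server terminating */

/* Simplified model of va(): format into a static buffer, fatal error if it does not fit. */
static const char *va_model(const char *fmt, ...)
{
    static char buf[VA_BUF_SIZE];
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof buf) {
        fatal_errors++; /* "Attempted to overrun string in call to va()" */
        return NULL;
    }
    return buf;
}

/* Unguarded path: a client-controlled length reaches va_model() directly. */
static int handle_unguarded(const char *cmd)
{
    return va_model(LOG_PREFIX "%s", cmd) != NULL;
}

/* Guarded path: an overlong command is dropped for that client only,
 * so the fatal branch in va_model() is never reached. */
static int handle_guarded(const char *cmd)
{
    if (memchr(cmd, '\0', MAX_CMD_LEN + 1) == NULL)
        return 0; /* command dropped; the server keeps running */
    return va_model(LOG_PREFIX "%s", cmd) != NULL;
}

int main(void)
{
    static char big[1500];            /* constructed overlong command */
    memset(big, 'a', sizeof big - 1);
    int g = handle_guarded(big), u = handle_unguarded(big);
    printf("guarded=%d unguarded=%d fatal_errors=%d\n", g, u, fatal_errors);
    return 0;
}
```

The guard belongs wherever client input first enters the server, before any formatting helper sees it, and the limit has to account for every byte the server adds around the command.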